Dnsmasq fails to do dns lookups


On both 19.07.0 and 19.07.1 on a fresh install dnsmasq has failed to do dns lookups. Now I can cure the problem by creating:

touch /usr/share/dnsmasq/trust-anchors.conf

Is this a known problem? Is it because I mention DNSSEC in the config?


N.B. Same problem with both dnsmasq and dnsmasq-full

Can you show this config???

In /etc/config/dhcp I have:

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option dnssec '0'
	option dnsseccheckunsigned '0'

So I have dnssec=0 and dnsseccheckunsigned=0 so both disabled.

History: in the 18.06 OpenWrt time frame, on desktop computers systemd set dnssec to allow-downgrade. On arm machines this gave many users problems, as DNS didn't work - due to DNSSEC issues. When looking into this (I didn't have a problem), I installed dnsmasq-full, and set on DNSSEC with the above both set to 1. When I was going to move to 19.07, I set both to zero, so assumed that DNSSEC was then disabled, so I would be OK with just dnsmasq.

Alas no, so updated to dnsmasq-full - and still the errors. Went back to my notes on 18.06, and they said create /usr/share/dnsmasq/trust-anchors.conf. Which is now populated (in dnsmasq-full) to:

# The root DNSSEC trust anchor, valid as at 10/02/2017

# Note that this is a DS record (ie a hash of the root Zone Signing Key) 
# If was downloaded from https://data.iana.org/root-anchors/root-anchors.xml


Which is what dnsmasq populated it with ...