[SOLVED] Dnssec with dnsmasq-full -> DNS does not work anymore

Hello everyone,

I successfully installed the dnsmasq-full package.
This is my configuration:

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option serversfile '/tmp/adb_list.overall'
	option dnssec '0'
	option dnsseccheckunsigned '0'

After enabling DNSSEC with option dnssec '1', DNS requests fail.
Here is an example output of dig:

dig google.com
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.10.3-P4-Ubuntu <<>> posteo.de
;; global options: +cmd
;; connection timed out; no servers could be reached

I guess the reason for this behavior is connected to the size of the response packet:

Thu Feb 21 22:26:47 2019 daemon.warn dnsmasq[21088]: reducing DNS packet size for nameserver 192.168.178.1 to 1280

Thank you very much for your help and ideas :slight_smile:

https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#upstream_dns_provider

Thank you :slight_smile: !!!!!
It worked :+1:

If your problem is solved, feel free to mark the relevant post as the solution; and edit the title to add "[SOLVED]" to the beginning (click the pencil behind the topic).
