On Wed, Jun 15, 2011 at 20:05, Robert Edmonds <edmo...@debian.org> wrote:
> Maik Zumstrull wrote:
>> I've noticed this on my home router, which has a fairly fresh dnsmasq.
>> Apparently, unbound can't resolve through this and just SERVFAILs for
>> everything. Obviously, this is primarily a problem in dnsmasq (I
>> assume). But since dnsmasq is in tons of home routers and unbound uses
>> forwarding by default in Debian, I think it's important to have a
>> workaround in place.
>
> it would be useful if you could get a packet trace of the failure.
> run something like:
>
> # tcpdump -s1518 -pni any -w dnsmasq-failure.pcap 'tcp port 53 or udp port 53'

Sure, no problem. Attached.

The trace leads me to assume that this might not be dnsmasq's fault, but this:

https://groups.google.com/d/topic/public-dns-discuss/9vXr9AJny4w/discussion

On the other hand, forwarding from dnsmasq to a different server that can return DS records doesn't fix it. So maybe it's double-broken: Google doesn't deliver the DS records, but dnsmasq would trash them if they did.

dnsmasq-failure.pcap
Description: Binary data