On 23.12.2025 11:36, Matus UHLAR - fantomas wrote:
> On 23.12.25 17:48, zhangguodong--- via Dnsmasq-discuss wrote:
>> I've been using dnsmasq as a local caching resolver for several years
>> and upgraded to version 2.91 recently. It used to work properly in the
>> past, but queries to dnsmasq are not answered now.
>> I have confirmed that my home broadband provider's firewall is
>> blocking query packets with the EDNS0 header, based on a comparison
>> between versions 2.91 and 2.90.
>> From the changelog of version 2.91, I also learned that an EDNS0 header
>> will always be added when talking to upstream now.
>
> Have you tried to handle this with your provider?
> EDNS is 25 years old (RFC 2671, August 1999) and required for many
> functionalities, especially since many DNS replies are bigger than the
> old 512B maximum for DNS UDP packets.
>
>> Therefore, is it possible to add an option to control whether to
>> always add EDNS0 header?

I think Matus is right here. Even if dnsmasq doesn't always add EDNS,
many clients will send queries to dnsmasq with EDNS, which dnsmasq will
then forward. Many features (for example DNSSEC) will break without EDNS or
break because of EDNS and the broken firewall. The best solution is to
fix the firewall, which is long, long out-of-date.

Simon.
_______________________________________________
Dnsmasq-discuss mailing list
[email protected]
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
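
Added example, not part of the original thread and not dnsmasq code: a small diagnostic that builds the same DNS query with and without the EDNS0 OPT record discussed above, so the two forms can be compared on the wire and sent to a resolver you operate or use to see which one is dropped on the path. The function names, the default UDP size of 1232 and the query name are assumptions made for this sketch.

```python
import socket
import struct

OPT = 41  # EDNS0 OPT pseudo-RR type (RFC 6891, which obsoletes RFC 2671)

def build_query(name, qtype=1, edns=True, udp_size=1232, qid=0x1234):
    """Build a DNS query; with edns=True one OPT RR is appended."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns else 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    packet = header + qname + struct.pack("!HH", qtype, 1)
    if edns:
        # root owner name, TYPE=OPT, CLASS=UDP payload size, TTL=0, RDLEN=0
        packet += b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, 0)
    return packet

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:      # a compression pointer ends the name
            return off + 2
        off += 1 + n
        if n == 0:
            return off

def edns_udp_size(msg):
    """Return the advertised EDNS UDP size, or None if there is no OPT RR."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT:
            return rclass
        off += 10 + rdlen
    return None

def probe(server, name="example.com", timeout=3.0):
    """Send both query forms to server:53; map each to reply length or None."""
    result = {}
    for label, edns in (("plain", False), ("edns0", True)):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name, edns=edns), (server, 53))
            try:
                result[label] = len(s.recvfrom(4096)[0])
            except OSError:   # timeout or network error: no reply seen
                result[label] = None
    return result
```

A result where "plain" has a length and "edns0" is None on repeated runs matches the behaviour described in the thread; edns_udp_size() can also be run on captured packets to confirm whether a forwarded query carried the OPT record.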