Hi,
I've been able to make dnsmasq work as a local DNS cache in front of dnscrypt-proxy with only one caveat: the DNSSEC settings.
# Uncomment these to enable DNSSEC validation and caching:
# (Requires dnsmasq to be built with DNSSEC option.)
conf-file=/usr/share/dnsmasq/trust-anchors.conf
dnssec
When queries are forwarded to dnscrypt-proxy with these settings enabled, DNS resolution doesn't work at all. Changing the server to a well-known public resolver (1.1.1.1 or 8.8.8.8) makes DNS work again, but consecutive queries are never answered from the local cache, no matter whether cache_min_ttl is set to 10 minutes.
➜ # ~ drill archlinux.org
;; ANSWER SECTION:
archlinux.org. 425 IN A 138.201.81.199
;; Query time: 53 msec
;; SERVER: 127.0.0.1
;; WHEN: Fri Oct 4 21:11:13 2019
;; MSG SIZE rcvd: 47
➜ # ~ drill archlinux.org
;; ANSWER SECTION:
archlinux.org. 420 IN A 138.201.81.199
;; Query time: 50 msec
;; SERVER: 127.0.0.1
;; WHEN: Fri Oct 4 21:11:18 2019
;; MSG SIZE rcvd: 47
Last edited by Jason P. (2019-10-05 17:21:36)
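One way to read the two drill runs above, as an added example that is not part of the original post: it parses the quoted output and applies a heuristic that a hit in the local dnsmasq cache shows a near-zero query time, while a slow answer whose TTL falls in step with the clock came from a cache further upstream. The heuristic, the 2 msec threshold and the function names are assumptions made for this example.

```python
import re
from datetime import datetime

# The two drill runs quoted in the post above, one line per output line.
SAMPLE = """\
;; ANSWER SECTION:
archlinux.org. 425 IN A 138.201.81.199
;; Query time: 53 msec
;; SERVER: 127.0.0.1
;; WHEN: Fri Oct 4 21:11:13 2019
;; MSG SIZE rcvd: 47
;; ANSWER SECTION:
archlinux.org. 420 IN A 138.201.81.199
;; Query time: 50 msec
;; SERVER: 127.0.0.1
;; WHEN: Fri Oct 4 21:11:18 2019
;; MSG SIZE rcvd: 47
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+A\s+(\S+)", re.M)
QTIME = re.compile(r"^;; Query time: (\d+) msec", re.M)
WHEN = re.compile(r"^;; WHEN: (.+)$", re.M)
# Assumption: a loopback cache hit answers within about 2 msec.
LOCAL_HIT_MSEC = 2

def parse_runs(text):
    """Return one dict per drill run: name, ttl, query time, timestamp."""
    runs = []
    for chunk in text.split(";; ANSWER SECTION:")[1:]:
        name, ttl, _addr = RR.search(chunk).groups()
        when = datetime.strptime(WHEN.search(chunk).group(1).strip(),
                                 "%a %b %d %H:%M:%S %Y")
        runs.append({"name": name, "ttl": int(ttl),
                     "msec": int(QTIME.search(chunk).group(1)), "when": when})
    return runs

def classify(first, second):
    """Label where the second answer most likely came from (heuristic)."""
    elapsed = int((second["when"] - first["when"]).total_seconds())
    ttl_drop = first["ttl"] - second["ttl"]
    if second["msec"] <= LOCAL_HIT_MSEC:
        return "local-cache"
    if abs(ttl_drop - elapsed) <= 1:      # TTL aged with the clock
        return "forwarded-upstream-cache"
    return "forwarded-ttl-mismatch"

if __name__ == "__main__":
    runs = parse_runs(SAMPLE)
    print(runs[1]["name"], classify(runs[0], runs[1]))
```
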
I've activated logging in dnsmasq to see what's going on. Today dnsmasq and dnscrypt-proxy are working fine together, although some queries can fail DNSSEC validation at the first attempt and be OK after the second. I believe this is happening because dnscrypt-proxy implements some kind of load balancing between available servers.