Hi Simon Unfortunately, it looks like I've been shouting victory a little soon.
The results are perfect when using dig, however, when using a browser (firefox, edge) the results are unreliable / inconsistent. The assumption is that adding the setting "add-cpe-id=01234" ensures dnsmasq will ALWAYS request EDE information from upstream (unbound). Can you confirm this? There are currently 2 possible causes why it doesn't work perfectly. 1. the dnsmasq setting "add-cpe-id=01234" doesn't do what is expected (always request EDE) 2. unbound doesn't store the EDE information in it's cache. Apparently there are two PRs that haven't been merged in to master yet, that would accomplish this, see the unbound issue https://github.com/NLnetLabs/unbound/issues/873, comment from gthess. Note that I also have knot-resolver installed on my system (using it for script related tasks - normally inactive). The pi-hole scripts will use knot-resolver as upstream (configured using server= dnsmasq setting, example "server=/v.firebog.net/127.10.10.5#5555"). The results from queries with knot-resolver as upstream are also inconsistent. I have no idea if knot-resolver caches EDE info, there is a lot less info available for knot-resolver... I'm waiting for the unbound PR's to be merged in to master, so I can compile unbound with these changes, possibly excluding or confirming this as the cause. Could you confirm the setting "add-cpe-id=01234" does instruct dnsmasq to always request EDE, if NOT, is it possible to do this in another way? Note that the changes made by the pi-hole developers have been implemented in pi-hole-FTL, the dnsmasq code for proxy-dnssec hasn't been changed, so using EDE only works with pi-hole, not with the official dnsmasq v2.89 Don't know if you have a direct line with the pi-hole developer, if you do, you could discuss this directly, I'm just the middle man here, knowledgeable enough to test, not to change the code... _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
