Package: dnsmasq Version: 2.72-3+deb8u1 Severity: normal Dear Maintainer,
Since cloudflare.com changed to dnssec dnsmasq can't resolve any domain which is hosted by them. I can easyly reproduce this issue if I create a blank debian jessie (I used docker), install dnsmasq and enable dnssec as in the changed config file attached. As parent dns server I used 8.8.8.8, I also try other servers but always the same issue. If I use now dig I get an empty response. With nslookup I get the follow error: ** server can't find cloudflare.com: SERVFAIL In the docker container I can resolve the problem with a update to the newer version of dnsmasq from stretch. But I think it should also get fixed in the stable release. -- System Information: Debian Release: 8.2 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.utf8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages dnsmasq depends on: ii dnsmasq-base 2.72-3+deb8u1 ii init-system-helpers 1.22 ii netbase 5.3 dnsmasq recommends no packages. Versions of packages dnsmasq suggests: pn resolvconf <none> -- Configuration Files: /etc/dnsmasq.conf changed: conf-file=/usr/share/dnsmasq-base/trust-anchors.conf dnssec resolv-file=/etc/resolv.dnsmasq.conf -- no debconf information
