Dnsmasq DNSSEC UDP issue on Google Compute Engine

by Donny   Last Updated August 14, 2019 17:00 PM

I have a fresh installation of Ubuntu 18.04 on Google Compute Engine. I have compiled the latest version of Dnsmasq (2.80) with the following configuration:

no-resolv
server=8.8.8.8
conf-file=/usr/share/dnsmasq-base/trust-anchors.conf
dnssec
port=5353

I then issue the following command:

dig @127.0.0.1 -p 5353 pir.org

After that there's a long pause, and the result comes back with the following line at the top of dig:

;; Truncated, retrying in TCP mode.

The dnsmasq log says:

dnsmasq: reducing DNS packet size for nameserver 8.8.8.8 to 1280

If I do the exact same thing on Amazon Web Services, dig returns immediately without resorting to TCP mode.

Any ideas why GCE is behaving differently to AWS please?


