Case mismatch in DNS reply

Hello - I've received this error a couple of times so far today:

Warning in dnsmasq core:
Case mismatch in DNS reply - check bit 0x20 encoding

I've done some googling and not finding much related to a case mismatch or the 0x20 address. Of course I don't know what I don't know... I did see something about the 0x20 bit and security so I thought I would check.

Currently running two pi-hole v6
1 - HPE DL380 gen 10, proxmox, in LXC
2 - R pi zero 2 w

I used the teleporter to copy from #1 to #2 and rebuilt #2 just yesterday. This error does not show on #2.

I pulled the query log at the error timestamp. There are a couple 'unknown' queries that happened at that point. No other obvious anomalies.

2025-02-06 18:12:40 TXT b3d020e9.test 192.168.10.13 0.0 µs
Query received on: 2025-02-06 18:12:40.966
Client: 192.168.10.13
Query Status: UNKNOWN
Reply: No reply received
Database ID: 4546888


|2025-02-06 18:12:40||TXT|02a7c610.test|192.168.10.12|0.0 µs||
|Query received on: 2025-02-06 18:12:40.548
Client: 192.168.10.12
Query Status: UNKNOWN
Reply: No reply received
Database ID: 4546894|


|025-02-06 18:12:40||PTR|lb._dns-sd._udp.spharticus.home|192.168.30.168|0.0 µs||
|Query received on: 2025-02-06 18:12:40.370
Client: 192.168.30.168
Query Status: UNKNOWN
Reply: No reply received
Database ID: 4546906|


|2025-02-06 18:12:40||TXT|b6c12a4f.test|192.168.10.10|0.0 µs||
|Query received on: 2025-02-06 18:12:40.377
Client: 192.168.10.10
Query Status: UNKNOWN
Reply: No reply received
Database ID: 4546905|


It just started showing up today.

Thank you!

https://tricorder.pi-hole.net/tT9WiMM7/

I also had this error today...dismissed the error and was going to watch for it again.

It is a new security feature introduced in the most recent dnsmasq version merged yesterday. It means that the upstream DNS server you are using is mangling case for DNS queries.

Which/what kind of upstream servers do you use?


Edit: The new security feature can be suppressed by adding no-0x20-encode as a new dnsmasq option, e.g., via the expert settings page as additional dnsmasq config (misc.dnsmasq_lines). I'll think about adding a new dedicated option if this really turns out to be an issue (and not maybe only the new feature being broken).

3 Likes
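
The check behind this warning, sketched as an added example (not part of the original posts and not dnsmasq's own code): the forwarder randomises the case bit (0x20) of each letter in the query name and expects the upstream to echo the name byte-for-byte. The function names, the query ID and both simulated upstreams are constructed for illustration.

```python
import random
import struct


def encode_0x20(name: str, rng: random.Random) -> str:
    """Randomly flip bit 0x20 (the ASCII case bit) of every letter in name."""
    out = []
    for ch in name:
        if ch.isascii() and ch.isalpha() and rng.getrandbits(1):
            ch = chr(ord(ch) ^ 0x20)
        out.append(ch)
    return "".join(out)


def case_entropy_bits(name: str) -> int:
    """Each ASCII letter adds one bit an off-path forger must also guess."""
    return sum(1 for ch in name if ch.isascii() and ch.isalpha())


def build_query(qid: int, name: str, qtype: int = 1) -> bytes:
    """Minimal DNS query: 12-byte header plus one question (class IN)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_question(msg: bytes):
    """Return (id, qname) of the first question, preserving the case on the wire."""
    qid = struct.unpack("!H", msg[:2])[0]
    pos, labels = 12, []
    while msg[pos] != 0:
        length = msg[pos]
        if length & 0xC0:
            raise ValueError("compressed name in question section")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return qid, ".".join(labels)


def check_reply(sent_name: str, sent_id: int, reply: bytes) -> str:
    """Classify a reply against the query that was actually sent."""
    rid, rname = parse_question(reply)
    if rid != sent_id or rname.lower() != sent_name.lower():
        return "reject"         # not an answer to this query at all
    if rname != sent_name:
        return "case-mismatch"  # right name, but the case pattern was not echoed
    return "ok"


def echo_upstream(query: bytes) -> bytes:
    """Constructed upstream: sets the QR bit and copies the question verbatim."""
    flags = struct.unpack("!H", query[2:4])[0] | 0x8000
    return query[:2] + struct.pack("!H", flags) + query[4:]


def lowercasing_upstream(query: bytes) -> bytes:
    """Constructed upstream that normalises the question name to lower case."""
    reply = bytearray(echo_upstream(query))
    pos = 12
    while reply[pos] != 0:
        length = reply[pos]
        reply[pos + 1:pos + 1 + length] = bytes(reply[pos + 1:pos + 1 + length]).lower()
        pos += 1 + length
    return bytes(reply)


def demo(seed: int = 20):
    """Send one randomised query to both constructed upstreams."""
    rng = random.Random(seed)
    sent = encode_0x20("time.apple.com", rng)
    query = build_query(0x1A2B, sent)
    return {
        "sent": sent,
        "echo": check_reply(sent, 0x1A2B, echo_upstream(query)),
        "lowercasing": check_reply(sent, 0x1A2B, lowercasing_upstream(query)),
    }


if __name__ == "__main__":
    print(demo())
    print("extra bits for time.apple.com:", case_entropy_bits("time.apple.com"))
```
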

I have unbound setup on both. Happy to check anything you recommend.

Could you get me the relevant log lines from the pihole.log?

Something like

grep -C 100 "Case mismatch" /var/log/pihole/pihole.*

should collect some relevant information. You can then run

grep -C 100 "Case mismatch" /var/log/pihole/pihole.* | pihole tricorder

to upload it securely. Please provide the shown URL so we can find/access your uploads.

Thank you!

https://tricorder.pi-hole.net/gzIy0wH0/
I also had this error today

https://tricorder.pi-hole.net/XvQFFYXv/

The mixed-case thing sounds like something I've been running into with the Cloudflared DNS-over-HTTPS service. Sometimes when I'd use dig to make a query via port 5053 on my Pi-hole system, I get a mixed-case response back. If I re-issue the command via Pi-hole port 53 (with the upstream server NOT configured as 127.0.0.1#5053) then I'll get a normal response. When not configured as Cloudflared-DOH, Pi-hole's upstream servers are configured as Cloudflared.

Of course, now that I want to include an example, it's working just fine.

FWIW, Cloudflared-DOH is configured to use 'cloudflared-dns.com'. And I've been noticing this for a few weeks.

I did notice a 'mixed case' DNSMASQ error in Pi-hole after switching over to beta 6 this morning (had been running v5).

I have been able to reproduce this locally. We are working on a fix and validation thereof. As soon as I have something for you to test, I will come back to you.

4 Likes

Please try

sudo pihole checkout ftl update/dnsmasq

for a proposed bugfix affecting case issues with retried queries. More details on this later.

1 Like

grep -C 100 "Case mismatch" /var/log/pihole/pihole.* | pihole tricorder

https://tricorder.pi-hole.net/NVfsVgNF/

grep -C 100 "Case mismatch" /var/log/pihole/FTL.* | pihole tricorder

https://tricorder.pi-hole.net/wciJPwYG/

this is from after switching to the branch you mentioned @ around 2025-02-08 01:09

i will keep an eye out for more

More details on this particular bug fix here:

It'd be interesting if you get more errors after switching to the update/dnsmasq branch.


Also, it'd be great if you could enable query logging during debugging:

sudo pihole-FTL --config dns.queryLogging true

switched at 0810 cst, enabled logging. Will monitor

Updated to the latest and I see the error shortly after FTL restarts, then not again. It's pretty consistent after restart.

Here's a snippet of my log that shows one right after restart with debug queries = true.

pi@pi5:/var/log/pihole$ sudo cat FTL.log | grep mismatch
2025-02-08 08:56:13.648 PST [304716M] WARNING: WARNING in dnsmasq core: Case mismatch in DNS reply - check bit 0x20 encoding.
2025-02-08 09:00:00.432 PST [306646M] WARNING: WARNING in dnsmasq core: Case mismatch in DNS reply - check bit 0x20 encoding.
2025-02-08 09:03:43.485 PST [951M] WARNING: WARNING in dnsmasq core: Case mismatch in DNS reply - check bit 0x20 encoding.
2025-02-08 09:19:17.721 PST [4564M] WARNING: WARNING in dnsmasq core: Case mismatch in DNS reply - check bit 0x20 encoding.
pi@pi5:/var/log/pihole$ sudo cat FTL.log | grep 09:19.17
2025-02-08 09:19:17.123 PST [4564M] INFO: Imported 107261 queries from the on-disk database (it has 5075003 rows)
2025-02-08 09:19:17.123 PST [4564M] INFO: Parsing queries in database
2025-02-08 09:19:17.179 PST [4564M] INFO:   10000 queries parsed...
2025-02-08 09:19:17.221 PST [4564M] INFO:   20000 queries parsed...
2025-02-08 09:19:17.258 PST [4564M] INFO:   30000 queries parsed...
2025-02-08 09:19:17.292 PST [4564M] INFO:   40000 queries parsed...
2025-02-08 09:19:17.326 PST [4564M] INFO:   50000 queries parsed...
2025-02-08 09:19:17.367 PST [4564M] INFO:   60000 queries parsed...
2025-02-08 09:19:17.402 PST [4564M] INFO:   70000 queries parsed...
2025-02-08 09:19:17.431 PST [4564M] INFO:   80000 queries parsed...
2025-02-08 09:19:17.460 PST [4564M] INFO:   90000 queries parsed...
2025-02-08 09:19:17.495 PST [4564M] INFO:   100000 queries parsed...
2025-02-08 09:19:17.521 PST [4564M] INFO: Imported 107256 queries from the long-term database
2025-02-08 09:19:17.521 PST [4564M] INFO:  -> Total DNS queries: 107256
2025-02-08 09:19:17.521 PST [4564M] INFO:  -> Cached DNS queries: 33307
2025-02-08 09:19:17.521 PST [4564M] INFO:  -> Forwarded DNS queries: 47492
2025-02-08 09:19:17.521 PST [4564M] INFO:  -> Blocked DNS queries: 25614
2025-02-08 09:19:17.521 PST [4564M] INFO:  -> Unknown DNS queries: 392
2025-02-08 09:19:17.521 PST [4564M] INFO:  -> Unique domains: 3408
2025-02-08 09:19:17.521 PST [4564M] INFO:  -> Unique clients: 67
2025-02-08 09:19:17.521 PST [4564M] INFO:  -> DNS cache records: 2219
2025-02-08 09:19:17.521 PST [4564M] INFO:  -> Known forward destinations: 4
2025-02-08 09:19:17.632 PST [4564M] INFO: FTL is running as user pihole (UID 999)
2025-02-08 09:19:17.633 PST [4564M] INFO: Reading certificate from /etc/pihole/tls.pem ...
2025-02-08 09:19:17.633 PST [4564M] INFO: Using SSL/TLS certificate file /etc/pihole/tls.pem
2025-02-08 09:19:17.633 PST [4564M] INFO: Web server ports:
2025-02-08 09:19:17.633 PST [4564M] INFO:   - 80 (HTTP, IPv4)
2025-02-08 09:19:17.633 PST [4564M] INFO:   - 80 (HTTP, IPv6)
2025-02-08 09:19:17.633 PST [4564M] INFO:   - 443 (HTTPS, IPv4)
2025-02-08 09:19:17.633 PST [4564M] INFO:   - 443 (HTTPS, IPv6)
2025-02-08 09:19:17.635 PST [4564M] INFO: Restored 7 API sessions from the database
2025-02-08 09:19:17.643 PST [4564M] INFO: Blocking status is enabled
2025-02-08 09:19:17.643 PST [4564M] DEBUG_QUERIES: Domain suffix is "home.arpa"
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: **** new UDP IPv4 query[A] query "time.apple.com" from eth0/192.168.10.114#55273 (ID 1, FTL 107189, src/dnsmasq/forward.c:1913)
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Set global cache status to 0
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: time.apple.com is not known
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Allowing query as gravity database is not available
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: **** forwarded time.apple.com to 127.0.0.1#5335 (ID 1, src/dnsmasq/forward.c:573)
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: DNS cache: A/192.168.10.114/time.apple.com -> FORWARDED, no expiry
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: **** new UDP IPv4 query[HTTPS] query "mask.icloud.com" from eth0/192.168.10.114#51603 (ID 2, FTL 107190, src/dnsmasq/forward.c:1913)
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Set global cache status to 0
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: mask.icloud.com is not known
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Special domain: mask.icloud.com is Apple iCloud Private Relay domain
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Preparing reply for "mask.icloud.com"
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Forced DNS reply to NXDOMAIN
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Setting EDE: blocked (15) + "special"
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: **** got cache reply: mask.icloud.com is (NXDOMAIN) (ID 2, src/dnsmasq_interface.c:549)
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Set reply to NXDOMAIN (2) in src/dnsmasq_interface.c:2330
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: **** new UDP IPv4 query[A] query "mask.icloud.com" from eth0/192.168.10.114#62481 (ID 3, FTL 107191, src/dnsmasq/forward.c:1913)
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Set global cache status to 0
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: mask.icloud.com is not known
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Special domain: mask.icloud.com is Apple iCloud Private Relay domain
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Preparing reply for "mask.icloud.com"
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Forced DNS reply to NXDOMAIN
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Setting EDE: blocked (15) + "special"
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: **** got cache reply: mask.icloud.com is (NXDOMAIN) (ID 3, src/dnsmasq_interface.c:549)
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Set reply to NXDOMAIN (2) in src/dnsmasq_interface.c:2330
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: **** new UDP IPv4 query[HTTPS] query "mask-h2.icloud.com" from eth0/192.168.10.114#55602 (ID 4, FTL 107192, src/dnsmasq/forward.c:1913)
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Set global cache status to 0
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: mask-h2.icloud.com is not known
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Special domain: mask-h2.icloud.com is Apple iCloud Private Relay domain
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Preparing reply for "mask-h2.icloud.com"
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Forced DNS reply to NXDOMAIN
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Setting EDE: blocked (15) + "special"
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: **** got cache reply: mask-h2.icloud.com is (NXDOMAIN) (ID 4, src/dnsmasq_interface.c:549)
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Set reply to NXDOMAIN (2) in src/dnsmasq_interface.c:2330
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: **** new UDP IPv4 query[A] query "mask-h2.icloud.com" from eth0/192.168.10.114#57353 (ID 5, FTL 107193, src/dnsmasq/forward.c:1913)
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Set global cache status to 0
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: mask-h2.icloud.com is not known
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Special domain: mask-h2.icloud.com is Apple iCloud Private Relay domain
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Preparing reply for "mask-h2.icloud.com"
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Forced DNS reply to NXDOMAIN
2025-02-08 09:19:17.644 PST [4564M] DEBUG_QUERIES: Setting EDE: blocked (15) + "special"
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: **** got cache reply: mask-h2.icloud.com is (NXDOMAIN) (ID 5, src/dnsmasq_interface.c:549)
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: Set reply to NXDOMAIN (2) in src/dnsmasq_interface.c:2330
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: **** new UDP IPv4 query[A] query "fw-snaps.prod.gws.ring.amazon.dev" from eth0/172.31.31.84#45300 (ID 6, FTL 107194, src/dnsmasq/forward.c:1913)
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: Set global cache status to 0
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: fw-snaps.prod.gws.ring.amazon.dev is not known
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: Allowing query as gravity database is not available
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: **** forwarded fw-snaps.prod.gws.ring.amazon.dev to 127.0.0.1#5335 (ID 6, src/dnsmasq/forward.c:573)
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: DNS cache: A/172.31.31.84/fw-snaps.prod.gws.ring.amazon.dev -> FORWARDED, no expiry
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: **** new UDP IPv4 query[A] query "fw-snaps.prod.gws.ring.amazon.dev" from eth0/172.31.31.84#45300 (ID 7, FTL 107195, src/dnsmasq/forward.c:1913)
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: Set global cache status to 2
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: fw-snaps.prod.gws.ring.amazon.dev is known as not to be blocked
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: 7: Ignoring self-retry
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: **** forwarded fw-snaps.prod.gws.ring.amazon.dev to 127.0.0.1#5335 (ID 7, src/dnsmasq/forward.c:573)
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: **** new IPv4 dnssec-query[DS] query "dev" from -/<internal>#53 (ID 8, FTL 107196, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: **** forwarded dev to 127.0.0.1#5335 (ID 8, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: DNS cache: DS/::/dev -> FORWARDED, no expiry
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: **** new IPv4 dnssec-query[DNSKEY] query "." from -/<internal>#53 (ID 9, FTL 107197, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: **** forwarded . to 127.0.0.1#5335 (ID 9, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: DNS cache: DNSKEY/::/. -> FORWARDED, no expiry
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: **** got upstream reply from 127.0.0.1#5335: . is DNSKEY (ID 9, src/dnsmasq/dnssec.c:962)
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: Set reply to DNSSEC (11) in src/dnsmasq_interface.c:2437
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: **** got upstream reply: . is DNSKEY (ID 9, src/dnsmasq/dnssec.c:962)
2025-02-08 09:19:17.645 PST [4564M] DEBUG_QUERIES: **** got upstream reply: . is DNSKEY (ID 9, src/dnsmasq/dnssec.c:962)
2025-02-08 09:19:17.646 PST [4564M] DEBUG_QUERIES: **** got upstream reply: dev is DNSKEY (ID 8, src/dnsmasq/dnssec.c:1113)
2025-02-08 09:19:17.646 PST [4564M] DEBUG_QUERIES: Set reply to DNSSEC (11) in src/dnsmasq_interface.c:2437
2025-02-08 09:19:17.646 PST [4564M] DEBUG_QUERIES: **** new IPv4 dnssec-query[DS] query "amazon.dev" from -/<internal>#53 (ID 10, FTL 107198, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.646 PST [4564M] DEBUG_QUERIES: **** forwarded amazon.dev to 127.0.0.1#5335 (ID 10, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.646 PST [4564M] DEBUG_QUERIES: DNS cache: DS/::/amazon.dev -> FORWARDED, no expiry
2025-02-08 09:19:17.646 PST [4564M] DEBUG_QUERIES: **** new IPv4 dnssec-query[DNSKEY] query "dev" from -/<internal>#53 (ID 11, FTL 107199, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.646 PST [4564M] DEBUG_QUERIES: **** forwarded dev to 127.0.0.1#5335 (ID 11, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.646 PST [4564M] DEBUG_QUERIES: DNS cache: DNSKEY/::/dev -> FORWARDED, no expiry
2025-02-08 09:19:17.646 PST [4564M] DEBUG_QUERIES: **** got upstream reply from 127.0.0.1#5335: dev is DNSKEY (ID 11, src/dnsmasq/dnssec.c:962)
2025-02-08 09:19:17.646 PST [4564M] DEBUG_QUERIES: Set reply to DNSSEC (11) in src/dnsmasq_interface.c:2437
2025-02-08 09:19:17.646 PST [4564M] DEBUG_QUERIES: **** got upstream reply: dev is DNSKEY (ID 11, src/dnsmasq/dnssec.c:962)
2025-02-08 09:19:17.646 PST [4564M] DEBUG_QUERIES: **** got upstream reply: amazon.dev is no DS (ID 10, src/dnsmasq/dnssec.c:1151)
2025-02-08 09:19:17.646 PST [4564M] DEBUG_QUERIES: Set reply to NODATA (1) in src/dnsmasq_interface.c:2437
2025-02-08 09:19:17.646 PST [4564M] DEBUG_QUERIES: **** new IPv4 dnssec-query[DS] query "com" from -/<internal>#53 (ID 12, FTL 107200, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.646 PST [4564M] DEBUG_QUERIES: **** forwarded com to 127.0.0.1#5335 (ID 12, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.646 PST [4564M] DEBUG_QUERIES: DNS cache: DS/::/com -> FORWARDED, no expiry
2025-02-08 09:19:17.646 PST [4564M] DEBUG_QUERIES: **** got upstream reply from 127.0.0.1#5335: com is DNSKEY (ID 12, src/dnsmasq/dnssec.c:1113)
2025-02-08 09:19:17.646 PST [4564M] DEBUG_QUERIES: Set reply to DNSSEC (11) in src/dnsmasq_interface.c:2437
2025-02-08 09:19:17.646 PST [4564M] DEBUG_QUERIES: **** new IPv4 dnssec-query[DS] query "ring.com" from -/<internal>#53 (ID 13, FTL 107201, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.646 PST [4564M] DEBUG_QUERIES: **** forwarded ring.com to 127.0.0.1#5335 (ID 13, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.646 PST [4564M] DEBUG_QUERIES: DNS cache: DS/::/ring.com -> FORWARDED, no expiry
2025-02-08 09:19:17.647 PST [4564M] DEBUG_QUERIES: **** new IPv4 dnssec-query[DNSKEY] query "com" from -/<internal>#53 (ID 14, FTL 107202, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.647 PST [4564M] DEBUG_QUERIES: **** forwarded com to 127.0.0.1#5335 (ID 14, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.647 PST [4564M] DEBUG_QUERIES: DNS cache: DNSKEY/::/com -> FORWARDED, no expiry
2025-02-08 09:19:17.647 PST [4564M] DEBUG_QUERIES: **** got upstream reply from 127.0.0.1#5335: com is DNSKEY (ID 14, src/dnsmasq/dnssec.c:962)
2025-02-08 09:19:17.647 PST [4564M] DEBUG_QUERIES: Set reply to DNSSEC (11) in src/dnsmasq_interface.c:2437
2025-02-08 09:19:17.647 PST [4564M] DEBUG_QUERIES: **** got upstream reply: com is DNSKEY (ID 14, src/dnsmasq/dnssec.c:962)
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: **** got upstream reply: ring.com is no DS (ID 13, src/dnsmasq/dnssec.c:1151)
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: Set reply to NODATA (1) in src/dnsmasq_interface.c:2437
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: **** DNSSEC fw-snaps.prod.gws.ring.amazon.dev is INSECURE (ID 7, src/dnsmasq/forward.c:1461)
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: **** got upstream reply from 127.0.0.1#5335: fw-snaps.prod.gws.ring.amazon.dev is (CNAME) (ID 7, src/dnsmasq/rfc1035.c:911)
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: Set reply to CNAME (3) in src/dnsmasq_interface.c:2437
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: FTL_CNAME called with: src = fw-snaps.prod.gws.ring.amazon.dev, dst = fw-snaps.ring.com, id = 7
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: Set global cache status to 0
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: fw-snaps.ring.com is not known
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: Allowing query as gravity database is not available
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: Query 7: CNAME fw-snaps.prod.gws.ring.amazon.dev ---> fw-snaps.ring.com
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: **** got upstream reply: fw-snaps.ring.com is (CNAME) (ID 7, src/dnsmasq/rfc1035.c:911)
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: FTL_CNAME called with: src = fw-snaps.ring.com, dst = snapshotsgw.prod.gws.ring.amazon.dev, id = 7
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: Set global cache status to 0
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: snapshotsgw.prod.gws.ring.amazon.dev is not known
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: Allowing query as gravity database is not available
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: Query 7: CNAME fw-snaps.ring.com ---> snapshotsgw.prod.gws.ring.amazon.dev
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: **** got upstream reply: snapshotsgw.prod.gws.ring.amazon.dev is (CNAME) (ID 7, src/dnsmasq/rfc1035.c:911)
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: FTL_CNAME called with: src = snapshotsgw.prod.gws.ring.amazon.dev, dst = snapshotsgw-geo.prod.gws.ring.amazon.dev, id = 7
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: Set global cache status to 0
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: snapshotsgw-geo.prod.gws.ring.amazon.dev is not known
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: Allowing query as gravity database is not available
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: Query 7: CNAME snapshotsgw.prod.gws.ring.amazon.dev ---> snapshotsgw-geo.prod.gws.ring.amazon.dev
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: **** got upstream reply: snapshotsgw-geo.prod.gws.ring.amazon.dev is (CNAME) (ID 7, src/dnsmasq/rfc1035.c:911)
2025-02-08 09:19:17.649 PST [4564M] DEBUG_QUERIES: FTL_CNAME called with: src = snapshotsgw-geo.prod.gws.ring.amazon.dev, dst = snapshotsgw.us-west-2.prod.gws.ring.amazon.dev, id = 7
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: Set global cache status to 0
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: snapshotsgw.us-west-2.prod.gws.ring.amazon.dev is not known
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: Allowing query as gravity database is not available
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: Query 7: CNAME snapshotsgw-geo.prod.gws.ring.amazon.dev ---> snapshotsgw.us-west-2.prod.gws.ring.amazon.dev
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: **** got upstream reply: snapshotsgw.us-west-2.prod.gws.ring.amazon.dev is (CNAME) (ID 7, src/dnsmasq/rfc1035.c:911)
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: FTL_CNAME called with: src = snapshotsgw.us-west-2.prod.gws.ring.amazon.dev, dst = snapshotsgw.c0.us-west-2.prod.gws.ring.amazon.dev, id = 7
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: Set global cache status to 0
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: snapshotsgw.c0.us-west-2.prod.gws.ring.amazon.dev is not known
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: Allowing query as gravity database is not available
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: Query 7: CNAME snapshotsgw.us-west-2.prod.gws.ring.amazon.dev ---> snapshotsgw.c0.us-west-2.prod.gws.ring.amazon.dev
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: **** got upstream reply: snapshotsgw.c0.us-west-2.prod.gws.ring.amazon.dev is (CNAME) (ID 7, src/dnsmasq/rfc1035.c:911)
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: FTL_CNAME called with: src = snapshotsgw.c0.us-west-2.prod.gws.ring.amazon.dev, dst = snapshotsgw-alb.c0.us-west-2.prod.gws.ring.amazon.dev, id = 7
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: Set global cache status to 0
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: snapshotsgw-alb.c0.us-west-2.prod.gws.ring.amazon.dev is not known
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: Allowing query as gravity database is not available
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: Query 7: CNAME snapshotsgw.c0.us-west-2.prod.gws.ring.amazon.dev ---> snapshotsgw-alb.c0.us-west-2.prod.gws.ring.amazon.dev
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: **** got upstream reply: snapshotsgw-alb.c0.us-west-2.prod.gws.ring.amazon.dev is 100.20.30.78 (ID 7, src/dnsmasq/rfc1035.c:1122)
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: **** got upstream reply: snapshotsgw-alb.c0.us-west-2.prod.gws.ring.amazon.dev is 52.42.133.0 (ID 7, src/dnsmasq/rfc1035.c:1122)
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: **** got upstream reply: snapshotsgw-alb.c0.us-west-2.prod.gws.ring.amazon.dev is 44.236.64.98 (ID 7, src/dnsmasq/rfc1035.c:1122)
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: **** got upstream reply: snapshotsgw-alb.c0.us-west-2.prod.gws.ring.amazon.dev is 35.82.134.10 (ID 7, src/dnsmasq/rfc1035.c:1122)
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: **** got upstream reply: snapshotsgw-alb.c0.us-west-2.prod.gws.ring.amazon.dev is 44.235.82.123 (ID 7, src/dnsmasq/rfc1035.c:1122)
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: **** got upstream reply: snapshotsgw-alb.c0.us-west-2.prod.gws.ring.amazon.dev is 34.216.242.41 (ID 7, src/dnsmasq/rfc1035.c:1122)
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: **** got upstream reply: snapshotsgw-alb.c0.us-west-2.prod.gws.ring.amazon.dev is 52.32.74.57 (ID 7, src/dnsmasq/rfc1035.c:1122)
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: **** got upstream reply: snapshotsgw-alb.c0.us-west-2.prod.gws.ring.amazon.dev is 52.26.219.81 (ID 7, src/dnsmasq/rfc1035.c:1122)
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: **** new UDP IPv4 query[A] query "time.apple.com" from eth0/192.168.10.114#55273 (ID 15, FTL 107203, src/dnsmasq/forward.c:1913)
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: Set global cache status to 2
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: time.apple.com is known as not to be blocked
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: 15: Ignoring self-retry
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: **** forwarded time.apple.com to 127.0.0.1#5335 (ID 15, src/dnsmasq/forward.c:573)
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: **** new UDP IPv4 query[HTTPS] query "mask.icloud.com" from eth0/192.168.10.114#51603 (ID 16, FTL 107204, src/dnsmasq/forward.c:1913)
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: Set global cache status to 16
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: mask.icloud.com is known as special domain
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: Preparing reply for "mask.icloud.com"
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: Forced DNS reply to NXDOMAIN
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: Setting EDE: blocked (15) + "special"
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: **** got cache reply: mask.icloud.com is (NXDOMAIN) (ID 16, src/dnsmasq_interface.c:549)
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: Set reply to NXDOMAIN (2) in src/dnsmasq_interface.c:2330
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: **** new UDP IPv4 query[A] query "mask.icloud.com" from eth0/192.168.10.114#62481 (ID 17, FTL 107205, src/dnsmasq/forward.c:1913)
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: Set global cache status to 16
2025-02-08 09:19:17.650 PST [4564M] DEBUG_QUERIES: mask.icloud.com is known as special domain
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: Preparing reply for "mask.icloud.com"
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: Forced DNS reply to NXDOMAIN
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: Setting EDE: blocked (15) + "special"
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: **** got cache reply: mask.icloud.com is (NXDOMAIN) (ID 17, src/dnsmasq_interface.c:549)
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: Set reply to NXDOMAIN (2) in src/dnsmasq_interface.c:2330
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: **** new UDP IPv4 query[HTTPS] query "mask-h2.icloud.com" from eth0/192.168.10.114#55602 (ID 18, FTL 107206, src/dnsmasq/forward.c:1913)
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: Set global cache status to 16
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: mask-h2.icloud.com is known as special domain
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: Preparing reply for "mask-h2.icloud.com"
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: Forced DNS reply to NXDOMAIN
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: Setting EDE: blocked (15) + "special"
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: **** got cache reply: mask-h2.icloud.com is (NXDOMAIN) (ID 18, src/dnsmasq_interface.c:549)
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: Set reply to NXDOMAIN (2) in src/dnsmasq_interface.c:2330
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: **** new UDP IPv4 query[A] query "mask-h2.icloud.com" from eth0/192.168.10.114#57353 (ID 19, FTL 107207, src/dnsmasq/forward.c:1913)
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: Set global cache status to 16
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: mask-h2.icloud.com is known as special domain
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: Preparing reply for "mask-h2.icloud.com"
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: Forced DNS reply to NXDOMAIN
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: Setting EDE: blocked (15) + "special"
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: **** got cache reply: mask-h2.icloud.com is (NXDOMAIN) (ID 19, src/dnsmasq_interface.c:549)
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: Set reply to NXDOMAIN (2) in src/dnsmasq_interface.c:2330
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: **** new UDP IPv4 query[A] query "pool.ntp.org" from eth0/192.168.10.195#41330 (ID 20, FTL 107208, src/dnsmasq/forward.c:1913)
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: Set global cache status to 0
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: pool.ntp.org is not known
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: Allowing query as gravity database is not available
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: **** forwarded pool.ntp.org to 127.0.0.1#5335 (ID 20, src/dnsmasq/forward.c:573)
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: DNS cache: A/192.168.10.195/pool.ntp.org -> FORWARDED, no expiry
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: **** new UDP IPv4 query[A] query "time.nist.gov" from eth0/192.168.10.22#58861 (ID 21, FTL 107209, src/dnsmasq/forward.c:1913)
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: Set global cache status to 0
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: time.nist.gov is not known
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: Allowing query as gravity database is not available
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: **** forwarded time.nist.gov to 127.0.0.1#5335 (ID 21, src/dnsmasq/forward.c:573)
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: DNS cache: A/192.168.10.22/time.nist.gov -> FORWARDED, no expiry
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: **** new UDP IPv4 query[AAAA] query "time.nist.gov" from eth0/192.168.10.22#58861 (ID 22, FTL 107210, src/dnsmasq/forward.c:1913)
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: Set global cache status to 0
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: time.nist.gov is not known
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: Allowing query as gravity database is not available
2025-02-08 09:19:17.651 PST [4564M] DEBUG_QUERIES: **** forwarded time.nist.gov to 127.0.0.1#5335 (ID 22, src/dnsmasq/forward.c:573)
2025-02-08 09:19:17.652 PST [4564M] DEBUG_QUERIES: DNS cache: AAAA/192.168.10.22/time.nist.gov -> FORWARDED, no expiry
2025-02-08 09:19:17.654 PST [4564M] DEBUG_QUERIES: **** new UDP IPv4 query[A] query "gateway.fe2.apple-dns.net" from eth0/192.168.10.114#53262 (ID 23, FTL 107211, src/dnsmasq/forward.c:1913)
2025-02-08 09:19:17.654 PST [4564M] DEBUG_QUERIES: Set global cache status to 0
2025-02-08 09:19:17.654 PST [4564M] DEBUG_QUERIES: gateway.fe2.apple-dns.net is not known
2025-02-08 09:19:17.654 PST [4564M] DEBUG_QUERIES: Allowing query as gravity database is not available
2025-02-08 09:19:17.654 PST [4564M] DEBUG_QUERIES: **** forwarded gateway.fe2.apple-dns.net to 127.0.0.1#5335 (ID 23, src/dnsmasq/forward.c:573)
2025-02-08 09:19:17.654 PST [4564M] DEBUG_QUERIES: DNS cache: A/192.168.10.114/gateway.fe2.apple-dns.net -> FORWARDED, no expiry
2025-02-08 09:19:17.654 PST [4564M] DEBUG_QUERIES: **** new IPv4 dnssec-query[DS] query "net" from -/<internal>#53 (ID 24, FTL 107212, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.654 PST [4564M] DEBUG_QUERIES: **** forwarded net to 127.0.0.1#5335 (ID 24, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.655 PST [4564M] DEBUG_QUERIES: DNS cache: DS/::/net -> FORWARDED, no expiry
2025-02-08 09:19:17.655 PST [4564M] DEBUG_QUERIES: **** got upstream reply from 127.0.0.1#5335: net is DNSKEY (ID 24, src/dnsmasq/dnssec.c:1113)
2025-02-08 09:19:17.655 PST [4564M] DEBUG_QUERIES: Set reply to DNSSEC (11) in src/dnsmasq_interface.c:2437
2025-02-08 09:19:17.655 PST [4564M] DEBUG_QUERIES: **** new IPv4 dnssec-query[DS] query "apple-dns.net" from -/<internal>#53 (ID 25, FTL 107213, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.655 PST [4564M] DEBUG_QUERIES: **** forwarded apple-dns.net to 127.0.0.1#5335 (ID 25, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.655 PST [4564M] DEBUG_QUERIES: DNS cache: DS/::/apple-dns.net -> FORWARDED, no expiry
2025-02-08 09:19:17.655 PST [4564M] DEBUG_QUERIES: **** new IPv4 dnssec-query[DNSKEY] query "net" from -/<internal>#53 (ID 26, FTL 107214, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.655 PST [4564M] DEBUG_QUERIES: **** forwarded net to 127.0.0.1#5335 (ID 26, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.655 PST [4564M] DEBUG_QUERIES: DNS cache: DNSKEY/::/net -> FORWARDED, no expiry
2025-02-08 09:19:17.655 PST [4564M] DEBUG_QUERIES: **** got upstream reply from 127.0.0.1#5335: net is DNSKEY (ID 26, src/dnsmasq/dnssec.c:962)
2025-02-08 09:19:17.656 PST [4564M] DEBUG_QUERIES: Set reply to DNSSEC (11) in src/dnsmasq_interface.c:2437
2025-02-08 09:19:17.656 PST [4564M] DEBUG_QUERIES: **** got upstream reply: net is DNSKEY (ID 26, src/dnsmasq/dnssec.c:962)
2025-02-08 09:19:17.657 PST [4564M] DEBUG_QUERIES: **** got upstream reply: apple-dns.net is no DS (ID 25, src/dnsmasq/dnssec.c:1151)
2025-02-08 09:19:17.657 PST [4564M] DEBUG_QUERIES: Set reply to NODATA (1) in src/dnsmasq_interface.c:2437
2025-02-08 09:19:17.657 PST [4564M] DEBUG_QUERIES: **** DNSSEC gateway.fe2.apple-dns.net is INSECURE (ID 23, src/dnsmasq/forward.c:1461)
2025-02-08 09:19:17.657 PST [4564M] DEBUG_QUERIES: **** got upstream reply from 127.0.0.1#5335: gateway.fe2.apple-dns.net is 17.248.194.64 (ID 23, src/dnsmasq/rfc1035.c:1122)
2025-02-08 09:19:17.657 PST [4564M] DEBUG_QUERIES: Set reply to IP (4) in src/dnsmasq_interface.c:2437
2025-02-08 09:19:17.657 PST [4564M] DEBUG_QUERIES: **** got upstream reply: gateway.fe2.apple-dns.net is 17.248.194.66 (ID 23, src/dnsmasq/rfc1035.c:1122)
2025-02-08 09:19:17.721 PST [4564M] WARNING: WARNING in dnsmasq core: Case mismatch in DNS reply - check bit 0x20 encoding.
2025-02-08 09:19:17.722 PST [4564M] DEBUG_QUERIES: **** new IPv4 dnssec-query[DS] query "apple.com" from -/<internal>#53 (ID 27, FTL 107215, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.722 PST [4564M] DEBUG_QUERIES: **** forwarded apple.com to 127.0.0.1#5335 (ID 27, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.722 PST [4564M] DEBUG_QUERIES: DNS cache: DS/::/apple.com -> FORWARDED, no expiry
2025-02-08 09:19:17.724 PST [4564M] DEBUG_QUERIES: **** got upstream reply from 127.0.0.1#5335: apple.com is no DS (ID 27, src/dnsmasq/dnssec.c:1151)
2025-02-08 09:19:17.724 PST [4564M] DEBUG_QUERIES: Set reply to NODATA (1) in src/dnsmasq_interface.c:2437
2025-02-08 09:19:17.724 PST [4564M] DEBUG_QUERIES: **** new IPv4 dnssec-query[DS] query "aaplimg.com" from -/<internal>#53 (ID 28, FTL 107216, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.724 PST [4564M] DEBUG_QUERIES: **** forwarded aaplimg.com to 127.0.0.1#5335 (ID 28, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.724 PST [4564M] DEBUG_QUERIES: DNS cache: DS/::/aaplimg.com -> FORWARDED, no expiry
2025-02-08 09:19:17.727 PST [4564M] DEBUG_QUERIES: **** got upstream reply from 127.0.0.1#5335: aaplimg.com is no DS (ID 28, src/dnsmasq/dnssec.c:1151)
2025-02-08 09:19:17.727 PST [4564M] DEBUG_QUERIES: Set reply to NODATA (1) in src/dnsmasq_interface.c:2437
2025-02-08 09:19:17.727 PST [4564M] DEBUG_QUERIES: **** DNSSEC time.apple.com is INSECURE (ID 15, src/dnsmasq/forward.c:1461)
2025-02-08 09:19:17.727 PST [4564M] DEBUG_QUERIES: **** got upstream reply from 127.0.0.1#5335: time.apple.com is (CNAME) (ID 15, src/dnsmasq/rfc1035.c:911)
2025-02-08 09:19:17.727 PST [4564M] DEBUG_QUERIES: Set reply to CNAME (3) in src/dnsmasq_interface.c:2437
2025-02-08 09:19:17.727 PST [4564M] DEBUG_QUERIES: FTL_CNAME called with: src = time.apple.com, dst = time.g.aaplimg.com, id = 15
2025-02-08 09:19:17.727 PST [4564M] DEBUG_QUERIES: Set global cache status to 0
2025-02-08 09:19:17.727 PST [4564M] DEBUG_QUERIES: time.g.aaplimg.com is not known
2025-02-08 09:19:17.727 PST [4564M] DEBUG_QUERIES: Allowing query as gravity database is not available
2025-02-08 09:19:17.727 PST [4564M] DEBUG_QUERIES: Query 15: CNAME time.apple.com ---> time.g.aaplimg.com
2025-02-08 09:19:17.727 PST [4564M] DEBUG_QUERIES: **** got upstream reply: time.g.aaplimg.com is 17.253.16.125 (ID 15, src/dnsmasq/rfc1035.c:1122)
2025-02-08 09:19:17.727 PST [4564M] DEBUG_QUERIES: **** got upstream reply: time.g.aaplimg.com is 17.253.16.253 (ID 15, src/dnsmasq/rfc1035.c:1122)
2025-02-08 09:19:17.727 PST [4564M] DEBUG_QUERIES: **** got upstream reply: time.g.aaplimg.com is 17.253.4.125 (ID 15, src/dnsmasq/rfc1035.c:1122)
2025-02-08 09:19:17.787 PST [4564/T4574] INFO: Compiled 7 allow and 19 deny regex for 67 clients in 53.1 msec
2025-02-08 09:19:17.787 PST [4564M] DEBUG_QUERIES: **** new IPv4 dnssec-query[DS] query "gov" from -/<internal>#53 (ID 29, FTL 107217, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.787 PST [4564M] DEBUG_QUERIES: **** forwarded gov to 127.0.0.1#5335 (ID 29, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.787 PST [4564M] DEBUG_QUERIES: DNS cache: DS/::/gov -> FORWARDED, no expiry
2025-02-08 09:19:17.787 PST [4564M] DEBUG_QUERIES: **** got upstream reply from 127.0.0.1#5335: gov is DNSKEY (ID 29, src/dnsmasq/dnssec.c:1113)
2025-02-08 09:19:17.787 PST [4564M] DEBUG_QUERIES: Set reply to DNSSEC (11) in src/dnsmasq_interface.c:2437
2025-02-08 09:19:17.788 PST [4564M] DEBUG_QUERIES: **** new IPv4 dnssec-query[DS] query "nist.gov" from -/<internal>#53 (ID 30, FTL 107218, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.788 PST [4564M] DEBUG_QUERIES: **** forwarded nist.gov to 127.0.0.1#5335 (ID 30, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.788 PST [4564M] DEBUG_QUERIES: DNS cache: DS/::/nist.gov -> FORWARDED, no expiry
2025-02-08 09:19:17.788 PST [4564M] DEBUG_QUERIES: **** new IPv4 dnssec-query[DNSKEY] query "gov" from -/<internal>#53 (ID 31, FTL 107219, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.788 PST [4564M] DEBUG_QUERIES: **** forwarded gov to 127.0.0.1#5335 (ID 31, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.788 PST [4564M] DEBUG_QUERIES: DNS cache: DNSKEY/::/gov -> FORWARDED, no expiry
2025-02-08 09:19:17.788 PST [4564M] DEBUG_QUERIES: **** got upstream reply from 127.0.0.1#5335: gov is DNSKEY (ID 31, src/dnsmasq/dnssec.c:962)
2025-02-08 09:19:17.788 PST [4564M] DEBUG_QUERIES: Set reply to DNSSEC (11) in src/dnsmasq_interface.c:2437
2025-02-08 09:19:17.788 PST [4564M] DEBUG_QUERIES: **** got upstream reply: gov is DNSKEY (ID 31, src/dnsmasq/dnssec.c:962)
2025-02-08 09:19:17.789 PST [4564M] DEBUG_QUERIES: **** got upstream reply: nist.gov is DNSKEY (ID 30, src/dnsmasq/dnssec.c:1113)
2025-02-08 09:19:17.789 PST [4564M] DEBUG_QUERIES: Set reply to DNSSEC (11) in src/dnsmasq_interface.c:2437
2025-02-08 09:19:17.789 PST [4564M] DEBUG_QUERIES: **** new IPv4 dnssec-query[DNSKEY] query "nist.gov" from -/<internal>#53 (ID 32, FTL 107220, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.789 PST [4564M] DEBUG_QUERIES: **** forwarded nist.gov to 127.0.0.1#5335 (ID 32, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.789 PST [4564M] DEBUG_QUERIES: DNS cache: DNSKEY/::/nist.gov -> FORWARDED, no expiry
2025-02-08 09:19:17.789 PST [4564M] DEBUG_QUERIES: **** got upstream reply from 127.0.0.1#5335: nist.gov is DNSKEY (ID 32, src/dnsmasq/dnssec.c:962)
2025-02-08 09:19:17.789 PST [4564M] DEBUG_QUERIES: Set reply to DNSSEC (11) in src/dnsmasq_interface.c:2437
2025-02-08 09:19:17.789 PST [4564M] DEBUG_QUERIES: **** got upstream reply: nist.gov is DNSKEY (ID 32, src/dnsmasq/dnssec.c:962)
2025-02-08 09:19:17.789 PST [4564M] DEBUG_QUERIES: **** new IPv4 dnssec-query[DS] query "glb.nist.gov" from -/<internal>#53 (ID 33, FTL 107221, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.789 PST [4564M] DEBUG_QUERIES: **** forwarded glb.nist.gov to 127.0.0.1#5335 (ID 33, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.789 PST [4564M] DEBUG_QUERIES: DNS cache: DS/::/glb.nist.gov -> FORWARDED, no expiry
2025-02-08 09:19:17.789 PST [4564M] DEBUG_QUERIES: **** got upstream reply from 127.0.0.1#5335: glb.nist.gov is DNSKEY (ID 33, src/dnsmasq/dnssec.c:1113)
2025-02-08 09:19:17.789 PST [4564M] DEBUG_QUERIES: Set reply to DNSSEC (11) in src/dnsmasq_interface.c:2437
2025-02-08 09:19:17.789 PST [4564M] DEBUG_QUERIES: **** got upstream reply: glb.nist.gov is DNSKEY (ID 33, src/dnsmasq/dnssec.c:1113)
2025-02-08 09:19:17.789 PST [4564M] DEBUG_QUERIES: **** new IPv4 dnssec-query[DNSKEY] query "glb.nist.gov" from -/<internal>#53 (ID 34, FTL 107222, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.789 PST [4564M] DEBUG_QUERIES: **** forwarded glb.nist.gov to 127.0.0.1#5335 (ID 34, src/dnsmasq/forward.c:1135)
2025-02-08 09:19:17.789 PST [4564M] DEBUG_QUERIES: DNS cache: DNSKEY/::/glb.nist.gov -> FORWARDED, no expiry
2025-02-08 09:19:17.790 PST [4564M] DEBUG_QUERIES: **** got upstream reply from 127.0.0.1#5335: glb.nist.gov is truncated (ID 34, src/dnsmasq/forward.c:985)
2025-02-08 09:19:17.790 PST [4564M] DEBUG_QUERIES: Set reply to NODATA (1) in src/dnsmasq_interface.c:2437
2025-02-08 09:19:17.793 PST [4586/F4564] DEBUG_QUERIES: **** new IPv4 dnssec-query[DNSKEY] query "glb.nist.gov" from -/<internal>#53 (ID 34, FTL 107223, src/dnsmasq/forward.c:2332)
2025-02-08 09:19:17.794 PST [4586/F4564] DEBUG_QUERIES: **** forwarded glb.nist.gov to 127.0.0.1#5335 (ID 34, src/dnsmasq/forward.c:2332)
2025-02-08 09:19:17.794 PST [4586/F4564] DEBUG_QUERIES: **** got upstream reply from 127.0.0.1#5335: glb.nist.gov is DNSKEY (ID 34, src/dnsmasq/dnssec.c:962)
2025-02-08 09:19:17.794 PST [4586/F4564] DEBUG_QUERIES: Set reply to DNSSEC (11) in src/dnsmasq_interface.c:2437
2025-02-08 09:19:17.794 PST [4586/F4564] DEBUG_QUERIES: **** got upstream reply: glb.nist.gov is DNSKEY (ID 34, src/dnsmasq/dnssec.c:962)
2025-02-08 09:19:17.794 PST [4586/F4564] DEBUG_QUERIES: **** got upstream reply: glb.nist.gov is DNSKEY (ID 34, src/dnsmasq/dnssec.c:962)
2025-02-08 09:19:17.794 PST [4564M] DEBUG_QUERIES: **** DNSSEC time.nist.gov is SECURE (ID 21, src/dnsmasq/forward.c:1461)
2025-02-08 09:19:17.794 PST [4564M] DEBUG_QUERIES: **** got upstream reply from 127.0.0.1#5335: time.nist.gov is (CNAME) (ID 21, src/dnsmasq/rfc1035.c:911)
2025-02-08 09:19:17.794 PST [4564M] DEBUG_QUERIES: Set reply to CNAME (3) in src/dnsmasq_interface.c:2437

Full FTL log: https://tricorder.pi-hole.net/OSRPv7we/

Debug log: https://tricorder.pi-hole.net/gpw4vNjl/

dnsmasq suppresses any further log lines; this warning is logged only once.

@sawsanders What upstream server are you using? Maybe the warning is correct in your case... let's check!

It'd be great (as you said you can reproduce it reliably) if you could run

sudo tcpdump -i lo -w /tmp/dns.pcap -n -p tcp port 5335

to capture the traffic between your Pi-hole and your unbound and then send me this file (you can stop recording immediately after the error happened using Ctrl + C) together with /var/log/pihole/pihole.log around that time.

Equipped with both files, I should be able to check if the warning is legit or if there is another corner-case that needs fixing in dnsmasq's new 0x20 DNS feature.
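The comparison such a capture makes possible, as an added example (not part of the thread and not dnsmasq's own code): with 0x20 encoding the forwarder randomizes the letter case of the query name and expects the upstream reply to echo it unchanged. The function names and the sample messages below are constructed for illustration.

```python
import struct

def build_message(msg_id, qname, qtype=1, response=False):
    """Constructed sample data: a DNS message holding one question."""
    header = struct.pack("!HHHHHH", msg_id, 0x8180 if response else 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p for p in qname.split(b"."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (id, qname, qtype) for the first question; qname keeps its case."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    msg_id, _flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(msg):
            raise ValueError("bad label")  # pointers are not expected in a question
        labels.append(msg[pos:pos + length])
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return msg_id, b".".join(labels), qtype

def check_0x20(query, reply):
    """Classify a reply against the query it claims to answer.

    For DNS over TCP, strip the 2-byte length prefix before calling this.
    """
    qid, qname, qtype = parse_question(query)
    rid, rname, rtype = parse_question(reply)
    # bytes.lower() folds ASCII letters only, matching DNS case-insensitivity
    if (qid, qtype, qname.lower()) != (rid, rtype, rname.lower()):
        return "unrelated"
    return "ok" if qname == rname else "case-mismatch"

if __name__ == "__main__":
    sent = build_message(21, b"TiMe.nIsT.GoV")
    for name in (b"TiMe.nIsT.GoV", b"time.nist.gov"):
        print(name.decode(), check_0x20(sent, build_message(21, name, response=True)))
```

A "case-mismatch" verdict means the name matched only after case folding, which is the situation the dnsmasq warning describes; "unrelated" means the ID, type or name does not belong to that query at all.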

results of grep -C 100 "Case mismatch" /var/log/pihole/pihole.* | pihole tricorder
https://tricorder.pi-hole.net/wq3jB36F/

Results of pihole -d
https://tricorder.pi-hole.net/Afh3lLi2/

I think this is pihole.log
https://tricorder.pi-hole.net/bV7BYhmm/

I'm using Unbound:

pi@pi5:~$ unbound -V
Version 1.19.2

Configure line: --build=aarch64-linux-gnu --prefix=/usr --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --disable-option-checking --disable-silent-rules --libdir=${prefix}/lib/aarch64-linux-gnu --runstatedir=/run --disable-maintainer-mode --disable-dependency-tracking --with-pythonmodule --with-pyunbound --enable-subnet --enable-dnstap --enable-systemd --enable-cachedb --with-libhiredis --with-libnghttp2 --with-chroot-dir= --with-dnstap-socket-path=/run/dnstap.sock --disable-rpath --with-pidfile=/run/unbound.pid --with-libevent --enable-tfo-client --with-rootkey-file=/usr/share/dns/root.key --disable-flto --enable-tfo-server
Linked libs: libevent 2.1.12-stable (it uses epoll), OpenSSL 3.0.13 30 Jan 2024
Linked modules: dns64 python cachedb subnetcache respip validator iterator
TCP Fastopen feature available

BSD licensed, see LICENSE in source package for details.
Report bugs to unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues

I also have my Pi-hole configured to use my router (Edgerouter Lite) for conditional forwarding. I believe it also uses dnsmasq for DNS resolution:

SawS@router:~$ sudo dnsmasq -v
Dnsmasq version 2.85  Copyright (c) 2000-2024 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus no-UBus i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset no-nftset auth cryptohash DNSSEC loop-detect inotify dumpfile

This software comes with ABSOLUTELY NO WARRANTY.
Dnsmasq is free software, and you are welcome to redistribute it
under the terms of the GNU General Public License, version 2 or 3.

I will try to get the pcap file ASAP.


In case you switched to update/dnsmasq, you can switch back to development to ensure you are receiving future updates. There is no need to rush, e.g., when you are currently waiting to see if the issue pops up again, as - right now - both branches are exactly identical.


Just to share.
I got two Raspberry Pi4-Bs on two different network segments, each running Pi-hole.

Got the same error right after I changed from the ftl tweak/conn_errors branch to the ftl development branch.

When I changed to sudo pihole checkout ftl update/dnsmasq on both I again got one instance of the issue.

admin@Pi4-1:/var/log/pihole $ sudo cat FTL.log | grep mismatch
2025-02-08 19:12:30.639 GMT [23040M] WARNING: WARNING in dnsmasq core: Case mismatch in DNS reply - check bit 0x20 encoding.
2025-02-08 19:26:14.035 GMT [23383M] WARNING: WARNING in dnsmasq core: Case mismatch in DNS reply - check bit 0x20 encoding.
2025-02-08 19:39:02.168 GMT [23383M] WARNING: WARNING in dnsmasq core: Case mismatch in DNS reply - check bit 0x20 encoding.
admin@Pi4-2:/var/log/pihole $ sudo cat FTL.log | grep mismatch
2025-02-08 19:35:03.042 GMT [56360M] WARNING: WARNING in dnsmasq core: Case mismatch in DNS reply - check bit 0x20 encoding.
2025-02-08 19:38:57.405 GMT [56360M] WARNING: WARNING in dnsmasq core: Case mismatch in DNS reply - check bit 0x20 encoding.

I see the same as sawsanders: the issue appears one time right after a restart of FTL.
Let me know if you need anything in addition to what sawsanders and spharticus were asked to provide.
Steen

https://tricorder.pi-hole.net/vbsF19BY/

happened at 2025-02-08 12:29:00

According to FTL.log, I updated @ 2025-02-08 10:15 to the latest development branch with the rc3 fix.

https://tricorder.pi-hole.net/EifuR7px/

using cloudflared-doh as described here as upstream