Does FTLDNS support the "bogus-nxdomain" option and cache-size > 10000?


Please follow the below template, it will help us to help you!

Expected Behaviour:

Placing bogus-nxdomain= in /etc/dnsmasq.d/01-pihole.conf should result in an NXDOMAIN response when the upstream DNS resolver (in this case, Norton ConnectSafe ) supplies as the response for a non-existent domain.

I did restart the pihole-FTL service after editing the cofiguration file. I’m also aware that any reinstall/upgrade to pihole will overwrite these changes. For now, it’s just a test.

Also, is FTLDNS compiled without the 10000 cache-size limit that was hardcoded into dnsmasq?
I modified cache-size=500000 in /etc/dnsmasq.d/01-pihole.conf since I have a block list of over 2 million domains and experienced this:

grep 'cachesize' /var/log/pihole.log gives

May 11 21:13:26 dnsmasq[746]: started, version pi-hole-2.79 cachesize 500000 which if I’m not mistaken seems to confirm that the cache size was indeed increased?

Actual Behaviour:

On querying a non-existent domain, FTLDNS provides as the response instead of an NXDOMAIN response although bogus-nxdomain= was set in /etc/dnsmasq.d/01-pihole.conf

Debug Token:

I would have included the debug token, but running the debug through the web interface just hangs. The pihole -d script hangs on *** [ DIAGNOSING ]: Dashboard and block page

*** [ DIAGNOSING ]: Core version
[i] Core: v3.3 (How do I update Pi-hole?)
[i] Branch: FTLDNS (The pihole Command With Examples)
[i] Commit: v3.3-108-g310d33b

*** [ DIAGNOSING ]: Web version
[i] Web: v3.2.1 (How do I update Pi-hole?)
[i] Branch: FTLDNS (The pihole Command With Examples)
[i] Commit: v3.2.1-157-ga83592b8

*** [ DIAGNOSING ]: FTL version
[✓] FTL: vDev-b133b65 (How do I update Pi-hole?)

*** [ DIAGNOSING ]: dnsmasq version
[i] 2.76

*** [ DIAGNOSING ]: lighttpd version
[i] 1.4.45

*** [ DIAGNOSING ]: php version
[i] 7.0.27

*** [ DIAGNOSING ]: Operating system
[✓] Raspbian GNU/Linux 9 (stretch)

*** [ DIAGNOSING ]: SELinux
[i] SELinux not detected

*** [ DIAGNOSING ]: Processor
[✓] armv7l



Yes (as you have also already found out). After some discussions with dnsmasq's main developer (Simon Kelley), this limitation will eventually also get removed from dnsmasq from version 2.80 on.

We don’t interfere with dnsmasq's original code in this regard. Does it work as expected when you use dnsmasq 2.79 instead of FTLDNS?

1 Like


I got FTLDNS to work. I made an error with the bogus nxdomain IP address. FTLDNS works as expected. Thank you for your response.

1 Like

closed #4

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.