PBR with dnsmasq-full caching issue

[fritz-fritz]

I have an issue that comes up from time to time where the pbr dnsmasq-full with nftsets seems to be caching dns lookups despite the setting in dnsmasq.

The issue becomes apparent in particular when used with for example nextdns. I might come accross a site that is blocked and the NXDOMAIN response gets cached by PBR. I then unblock at nextdns and the router/host dnsmasq instance can pull the record correctly, but the router will still respond to clients with NXDOMAIN indefinitely until I restart the pbr service (not the dnsmasq service).

I presume PBR is starting it's own instance of dnsmasq? Wouldn't it be better to default to no caching and leave the configuration to the upstream dnsmasq instance?

I might be incorrect here in what is happening and I have tried passing arguments in my uci config to disable the cache in pbr but thought I'd raise the issue here in case you could help.

It's an issue that doesn't typically come up as a problem, but when it does. I have to ssh into my router which is less than ideal.

[stangri]

I presume PBR is starting it's own instance of dnsmasq?

It doesn't.

I might be incorrect here in what is happening and I have tried passing arguments in my uci config to disable the cache in pbr but thought I'd raise the issue here in case you could help.

I suspect so. FYI: restarting/reloading pbr may cause the dnsmasq to be restarted as well, but pbr has no dns resolution cache of its own.