Dnsmasq: problem caching responses from Consul

Dear Colleagues,

I have configured Consul to return all DNS RRs with TTL=60s which can be verified by
dig -p 8600 @localhost consul.service.consul.

dnsmasq is configured to forward queries to the consul domain and to remember 1000 RRs:

server=/consul/127.0.0.1#8600
cache-size=1000

The problem, however, is that these responses are not being cached by dnsmasq. Each time there is a query to dnsmasq for consul.service.consul, there is a query from dnsmasq to Consul for this name, even though the TTL has not expired.

This is probably not Consul-related, but I hope to find someone using dnsmasq with Consul, for enlightenment.

Found the solution myself.

dnsmasq would not cache responses from an upstream DNS server if the latter refuses recursive queries (with RD flags). Configure a DNS recursor in Consul (even a bogus one which will never be used) and the problem is solved.

Could we have https://learn.hashicorp.com/tutorials/consul/dns-forwarding#dnsmasq-setup updated to mention this trick?
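Added example, not part of the original posts: a way to see which of the two situations described above an upstream is in, by reading the recursion bits in the DNS header (RD and RA, RFC 1035 section 4.1.1). The helper names and the two sample replies are constructed for illustration; `query_udp` assumes a server listening on UDP, such as the 127.0.0.1 port 8600 endpoint from the thread.

```python
import socket
import struct

# Bit masks for the 16-bit flags word of the DNS header (RFC 1035, section 4.1.1).
QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080

def build_query(name, qtype=1, txid=0x1234):
    """Encode a query (type A by default) with RD set, as a forwarder would send it."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_flags(packet):
    """Return the header fields of a DNS message as a dict."""
    if len(packet) < 12:
        raise ValueError("short DNS message: the header is 12 bytes")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {"id": txid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "tc": bool(flags & TC), "rd": bool(flags & RD),
            "ra": bool(flags & RA), "rcode": flags & 0x000F, "answers": an}

def recursion_refused(packet):
    """True for a response that echoes RD but does not set RA."""
    f = parse_flags(packet)
    return f["qr"] and f["rd"] and not f["ra"]

def query_udp(server, port, name, timeout=2.0):
    """Send the query to a live server and return the raw reply bytes."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, port))
        return s.recvfrom(4096)[0]

def sample_reply(flags, answers=1):
    """Constructed 12-byte reply header (not captured from a real server)."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, answers, 0, 0)

NO_RECURSOR = sample_reply(QR | AA | RD)         # recursion asked for, not offered
WITH_RECURSOR = sample_reply(QR | AA | RD | RA)  # recursion offered

if __name__ == "__main__":
    for label, pkt in (("no recursor", NO_RECURSOR), ("with recursor", WITH_RECURSOR)):
        print(label, parse_flags(pkt), "recursion refused:", recursion_refused(pkt))
```

Against a running agent, `recursion_refused(query_udp("127.0.0.1", 8600, "consul.service.consul"))` reports the same bit for a real reply.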

I would recommend scrolling to the bottom of that tutorial and clicking on the button saying that the tutorial wasn’t helpful. It will then open a text box where you can provide your feedback about the tutorial which will be available to the content creators at Hashicorp to make the necessary changes.

I have created an issue, https://github.com/hashicorp/consul/issues/8752; maybe someone will act on it.

I cannot lie that the tutorial was not helpful, it’s actually brilliant.