Comment 0 for bug 1981794

Duplicate or retried DNS queries will return REFUSED for one of the queries causing intermittent failures in clients.

This probably breaks lots of things, but for me is causing 22.04's internet connection sharing to be unstable. It's particularly bad for my Xbox which seems to like sending duplicate queries.

Here's an example capture:
22:37:25.308212 IP 10.42.0.16.54248 > 10.42.0.1.53: 22442+ A? title.auth.xboxlive.com. (41)
22:37:25.332711 IP 10.42.0.16.54248 > 10.42.0.1.53: 22442+ A? title.auth.xboxlive.com. (41)
22:37:25.332740 IP 10.42.0.1.53 > 10.42.0.16.54248: 22442 Refused 0/0/0 (41)
22:37:25.353003 IP 10.42.0.1.53 > 10.42.0.16.54248: 22442 2/0/0 CNAME title.auth.xboxlive.com.akadns.net., A 40.64.90.82 (105)

This has been fixed in upstream as of Sept 2021 in the unreleased 2.87 version. It's apparently a regression in version 2.86 (also released in Sept 2021). Ubuntu 22.04 and later all use the broken 2.86 version.

Upstream fix:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2561f9fe0eb9c0be1df48da1e2bd3d3feaa138c2

Upstream bug thread:
https://www.mail-archive.com/search?l=dnsmasq-discuss%40lists.thekelleys.org.uk&q=subject:%22%5C%5BDnsmasq%5C-discuss%5C%5D+REFUSED+after+dropped+packets%22&o=oldest&f=1