I did a few tests with the --proxy-dnssec option and according to my tests it seems as if this feature is not working as documented.

If I query a DNSSEC-signed domain, I get an AD flag from my unbound, which is my upstream server, but on every subsequent query that is answered by dnsmasq from its cache there is no AD flag in the response. After the cache has expired, the first call again has an AD flag as provided from the upstream response.

Am I misunderstanding the --proxy-dnssec option, or am I doing something wrong?

Any help welcome.

