Hello again, On Mon, Jan 20, 2025 at 11:32:57AM +0100, Uwe Kleine-König wrote: > On Sun, Jan 19, 2025 at 11:50:23PM +0000, Simon Kelley wrote: > > If you add a DS record for > > kleine-koenig.org to your config, it should work, assuming that > > 192.168.128.3 is DNSSEC capable. > > Now I added > > > trust-anchor=kleine-koenig.org,34607,13,2,FF05DA4F2E6A2692421FA7ED99DF07205A6A04ABC917F26CD7E781520A2652D1 > > which matches the DS record for kleine-koenig.org in both the public DNS > and the internal view and now delv happy.kk4.kleine-koenig.org works > (same output as above, with "unsigned answer" as expected).
I did that on another router running an older OpenWrt (that is, it doesn't include your recent changes) and that made DNSSEC verification also work in that router's lan. Is that expected? Best regards Uwe
signature.asc
Description: PGP signature
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
