Thank you for looking into this Simon.
On 06/29/2018 03:47 PM, Simon Kelley wrote:
> Dnsmasq does pass on the do-bit, and return DNSSEC RRs, irrespective of
> of having DNSSEC validation compiled in or enabled.
Sure, this is true. Dnsmasq will pass DO bit from query. I think my
issue is, once
Dnsmasq does pass on the do-bit, and return DNSSEC RRs, irrespective of
of having DNSSEC validation compiled in or enabled.
The thing to understand here is that the cache does not store all the
DNSSEC RRs, and dnsmasq doesn't have the (very complex) logic required
to determine the set of DNSSEC
Hi Simon and others!
I am thinking about dnssec support of dnsmasq. Is it possible to enable
dnssec support, but disable dnssec validation at the same time? Bind for
example have options dnssec-enable and dnssec-validation. There is
option proxy-dnssec, but I think it only copies AD flag in