[Touch-packages] [Bug 1363366] Re: DNSSEC for dnsmasq
Thanks Thomas! I think that's sufficient to consider this bug fixed in Utopic. If this is wrong, it can always be re-opened. ** Changed in: dnsmasq (Ubuntu) Status: New = Fix Released ** Changed in: dnsmasq (Ubuntu) Importance: Undecided = Wishlist -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1363366 Title: DNSSEC for dnsmasq Status in “dnsmasq” package in Ubuntu: Fix Released Bug description: This is a wishlist item. I'd like to turn on dnsmasq's DNSSEC validation. However, it appears that support for DNSSEC is disabled at compile time: if I add the dnssec option to the dnsmasq.conf, dnsmasq doesn't accept the configuration. I'm using Ubuntu Trusty. As a workaround, I currently configure dnsmasq to rely on the DNSSEC validation of upstream DNS servers (i.e., I use the proxy-dnssec option) but this is not entirely secure. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1363366/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1363366] Re: DNSSEC for dnsmasq
** Description changed: This is a wishlist item. - I'd like to use DNSSEC for dnsmasq out of the box. Currently support for - DNSSEC appears to be disabled at compile time: if I add dnssec options - to the dnsmasq.conf, it doesn't accept the configuration. I'm using - Ubuntu Trusty. + I'd like to turn on dnsmasq's DNSSEC validation. However, it appears + that support for DNSSEC is disabled at compile time: if I add the + dnssec option to the dnsmasq.conf, dnsmasq doesn't accept the + configuration. I'm using Ubuntu Trusty. - As a workaround, I currently configured DNSSEC to proxy via upstream DNS - with the proxy-dnssec option -- but this is insecure. + As a workaround, I currently configure dnsmasq to rely on the DNSSEC + validation of upstream DNS servers (i.e., I use the proxy-dnssec + option) but this is not entirely secure. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1363366 Title: DNSSEC for dnsmasq Status in “dnsmasq” package in Ubuntu: New Bug description: This is a wishlist item. I'd like to turn on dnsmasq's DNSSEC validation. However, it appears that support for DNSSEC is disabled at compile time: if I add the dnssec option to the dnsmasq.conf, dnsmasq doesn't accept the configuration. I'm using Ubuntu Trusty. As a workaround, I currently configure dnsmasq to rely on the DNSSEC validation of upstream DNS servers (i.e., I use the proxy-dnssec option) but this is not entirely secure. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1363366/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1363366] Re: DNSSEC for dnsmasq
Trusty has dnsmasq 2.68-1. Looking at the buildlog I don't see HAVE_DNSSEC being defined on the compiler command line. gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wall -W -DHAVE_DBUS -DHAVE_CONNTRACK -DLOCALEDIR='/usr/share/locale' -DVERSION='2.68' -I/usr/include/dbus-1.0 -I/usr/lib/x86_64-linux-gnu/dbus-1.0/include -c dnsmasq.c However, in the build log of dnsmasq 2.71-1, which is in Utopic, I do see HAVE_DNSSEC being defined on the compiler command line. gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wall -W -DNO_NETTLE_ECC -DHAVE_DBUS -DHAVE_CONNTRACK -DHAVE_DNSSEC -DLOCALEDIR='/usr/share/locale' -DVERSION='2.71' -I/usr/include/dbus-1.0 -I/usr/lib/x86_64-linux-gnu/dbus-1.0/include -c dnsmasq.c I surmise, therefore, that this wish is fulfilled in Utopic. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1363366 Title: DNSSEC for dnsmasq Status in “dnsmasq” package in Ubuntu: New Bug description: This is a wishlist item. I'd like to turn on dnsmasq's DNSSEC validation. However, it appears that support for DNSSEC is disabled at compile time: if I add the dnssec option to the dnsmasq.conf, dnsmasq doesn't accept the configuration. I'm using Ubuntu Trusty. As a workaround, I currently configure dnsmasq to rely on the DNSSEC validation of upstream DNS servers (i.e., I use the proxy-dnssec option) but this is not entirely secure. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1363366/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
