** Description changed: This is a wishlist item. - I'd like to use DNSSEC for dnsmasq out of the box. Currently support for - DNSSEC appears to be disabled at compile time: if I add "dnssec" options - to the dnsmasq.conf, it doesn't accept the configuration. I'm using - Ubuntu Trusty. + I'd like to turn on dnsmasq's DNSSEC validation. However, it appears + that support for DNSSEC is disabled at compile time: if I add the + "dnssec" option to the dnsmasq.conf, dnsmasq doesn't accept the + configuration. I'm using Ubuntu Trusty. - As a workaround, I currently configured DNSSEC to proxy via upstream DNS - with the proxy-dnssec option -- but this is insecure. + As a workaround, I currently configure dnsmasq to rely on the DNSSEC + validation of upstream DNS servers (i.e., I use the "proxy-dnssec" + option) but this is not entirely secure.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1363366 Title: DNSSEC for dnsmasq Status in “dnsmasq” package in Ubuntu: New Bug description: This is a wishlist item. I'd like to turn on dnsmasq's DNSSEC validation. However, it appears that support for DNSSEC is disabled at compile time: if I add the "dnssec" option to the dnsmasq.conf, dnsmasq doesn't accept the configuration. I'm using Ubuntu Trusty. As a workaround, I currently configure dnsmasq to rely on the DNSSEC validation of upstream DNS servers (i.e., I use the "proxy-dnssec" option) but this is not entirely secure. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1363366/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp