Do NOT use DNSSEC-proxy function of Dnsmasq. The validation is done on a resolver in the internet. Any attacker can use a Man-In-The-Middle attack between the DNSSEC-resolver in the internet and Dnsmasq to manipulate the DNSSEC data. Proxying the DO-/AD-bit lulls the user into a FALSE sense of security.
DNSSEC-proxying is highly INSECURE! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/995332 Title: Please enhance NetworkManager such that DNSSEC validation is done whenever possible To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/995332/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
