Do NOT use DNSSEC-proxy function of Dnsmasq. The validation is done on a resolver in the internet. Any attacker can use a Man-In-The-Middle attack between the DNSSEC-resolver in the internet and Dnsmasq to manipulate the DNSSEC data. Proxying the DO-/AD-bit lulls the user into a FALSE sense of security.
DNSSEC-proxying is highly INSECURE! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/995332 Title: Please enhance NetworkManager such that DNSSEC validation is done whenever possible To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/995332/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs