** Description changed: This is a wishlist item. - I'd like to use DNSSEC for dnsmasq out of the box. Currently support for - DNSSEC appears to be disabled at compile time: if I add "dnssec" options - to the dnsmasq.conf, it doesn't accept the configuration. I'm using - Ubuntu Trusty. + I'd like to turn on dnsmasq's DNSSEC validation. However, it appears + that support for DNSSEC is disabled at compile time: if I add the + "dnssec" option to the dnsmasq.conf, dnsmasq doesn't accept the + configuration. I'm using Ubuntu Trusty. - As a workaround, I currently configured DNSSEC to proxy via upstream DNS - with the proxy-dnssec option -- but this is insecure. + As a workaround, I currently configure dnsmasq to rely on the DNSSEC + validation of upstream DNS servers (i.e., I use the "proxy-dnssec" + option) but this is not entirely secure.
-- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1363366 Title: DNSSEC for dnsmasq To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1363366/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs