touch-packages team mailing list archive

[Thomas Hood <1363366@xxxxxxxxxxxxxxxxxx>]

** Description changed:

  This is a wishlist item.
  
- I'd like to use DNSSEC for dnsmasq out of the box. Currently support for
- DNSSEC appears to be disabled at compile time: if I add "dnssec" options
- to the dnsmasq.conf, it doesn't accept the configuration. I'm using
- Ubuntu Trusty.
+ I'd like to turn on dnsmasq's DNSSEC validation. However, it appears
+ that support for DNSSEC is disabled at compile time: if I add the
+ "dnssec" option to the dnsmasq.conf, dnsmasq doesn't accept the
+ configuration. I'm using Ubuntu Trusty.
  
- As a workaround, I currently configured DNSSEC to proxy via upstream DNS
- with the proxy-dnssec option -- but this is insecure.
+ As a workaround, I currently configure dnsmasq to rely on the DNSSEC
+ validation of upstream DNS servers (i.e., I use the "proxy-dnssec"
+ option) but this is not entirely secure.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/1363366

Title:
  DNSSEC for dnsmasq

Status in “dnsmasq” package in Ubuntu:
  New

Bug description:
  This is a wishlist item.

  I'd like to turn on dnsmasq's DNSSEC validation. However, it appears
  that support for DNSSEC is disabled at compile time: if I add the
  "dnssec" option to the dnsmasq.conf, dnsmasq doesn't accept the
  configuration. I'm using Ubuntu Trusty.

  As a workaround, I currently configure dnsmasq to rely on the DNSSEC
  validation of upstream DNS servers (i.e., I use the "proxy-dnssec"
  option) but this is not entirely secure.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1363366/+subscriptions