touch-packages team mailing list archive

[Bug 1363366] Re: DNSSEC for dnsmasq

 

Trusty has dnsmasq 2.68-1. Looking at the buildlog I don't see
HAVE_DNSSEC being defined on the compiler command line.

    gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat
    -Werror=format-security -D_FORTIFY_SOURCE=2 -Wall -W -DHAVE_DBUS
    -DHAVE_CONNTRACK -DLOCALEDIR='"/usr/share/locale"' -DVERSION='"2.68"'
    -I/usr/include/dbus-1.0 -I/usr/lib/x86_64-linux-gnu/dbus-1.0/include
    -c dnsmasq.c

However, in the build log of dnsmasq 2.71-1, which is in Utopic, I do
see HAVE_DNSSEC being defined on the compiler command line.

    gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat
    -Werror=format-security -D_FORTIFY_SOURCE=2 -Wall -W -DNO_NETTLE_ECC
    -DHAVE_DBUS -DHAVE_CONNTRACK -DHAVE_DNSSEC
    -DLOCALEDIR='"/usr/share/locale"' -DVERSION='"2.71"'
    -I/usr/include/dbus-1.0 -I/usr/lib/x86_64-linux-gnu/dbus-1.0/include
    -c dnsmasq.c

I surmise, therefore, that this wish is fulfilled in Utopic.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/1363366

Title:
  DNSSEC for dnsmasq

Status in “dnsmasq” package in Ubuntu:
  New

Bug description:
  This is a wishlist item.

  I'd like to turn on dnsmasq's DNSSEC validation. However, it appears
  that support for DNSSEC is disabled at compile time: if I add the
  "dnssec" option to the dnsmasq.conf, dnsmasq doesn't accept the
  configuration. I'm using Ubuntu Trusty.

  As a workaround, I currently configure dnsmasq to rely on the DNSSEC
  validation of upstream DNS servers (i.e., I use the "proxy-dnssec"
  option) but this is not entirely secure.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1363366/+subscriptions
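
The build-log check described in the message above, as an added example that is not part of the original message or of the dnsmasq packaging: it extracts the -D macros from wrapped gcc command lines and reports which ones a newer build gained. The function names are assumptions made for illustration; the sample input is the two command lines quoted in the message, and the parser assumes no -D value contains whitespace.

```shell
#!/bin/sh
# Added example: which -D feature macros does a dnsmasq build log show?
# Function names are illustrative; the sample input is the two gcc command
# lines quoted in the message, kept wrapped the way the mail shows them.

log_trusty() { cat <<'EOF'
    gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat
-Werror=format-security -D_FORTIFY_SOURCE=2 -Wall -W -DHAVE_DBUS
-DHAVE_CONNTRACK -DLOCALEDIR='"/usr/share/locale"' -DVERSION='"2.68"'
-I/usr/include/dbus-1.0 -I/usr/lib/x86_64-linux-gnu/dbus-1.0/include
-c dnsmasq.c
EOF
}

log_utopic() { cat <<'EOF'
    gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat
-Werror=format-security -D_FORTIFY_SOURCE=2 -Wall -W -DNO_NETTLE_ECC
-DHAVE_DBUS -DHAVE_CONNTRACK -DHAVE_DNSSEC
-DLOCALEDIR='"/usr/share/locale"' -DVERSION='"2.71"'
-I/usr/include/dbus-1.0 -I/usr/lib/x86_64-linux-gnu/dbus-1.0/include
-c dnsmasq.c
EOF
}

# Read build-log text on stdin and print one macro name per line.
# Wrapped lines are rejoined by splitting on any whitespace; this assumes
# no -D value contains whitespace (true for the lines above).
build_defines() {
    tr -s ' \t\n' '\n\n\n' |
        sed -n 's/^-D\([A-Za-z_][A-Za-z0-9_]*\).*$/\1/p' |
        LC_ALL=C sort -u
}

# Print macros defined in the new log ($2) but not in the old one ($1).
added_defines() {
    old=$(printf '%s\n' "$1" | build_defines)
    printf '%s\n' "$2" | build_defines | while read -r macro; do
        printf '%s\n' "$old" | grep -qxF -- "$macro" || printf '%s\n' "$macro"
    done
}

# Macros the Utopic build gained over the Trusty build.
added_defines "$(log_trusty)" "$(log_utopic)"
```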

