DNSSEC for dnsmasq
Bug #1363366 reported by
Andreas Schildbach
on 2014-08-30
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | dnsmasq (Ubuntu) |
Wishlist
|
Unassigned | ||
Bug Description
This is a wishlist item.
I'd like to turn on dnsmasq's DNSSEC validation. However, it appears that support for DNSSEC is disabled at compile time: if I add the "dnssec" option to the dnsmasq.conf, dnsmasq doesn't accept the configuration. I'm using Ubuntu Trusty.
As a workaround, I currently configure dnsmasq to rely on the DNSSEC validation of upstream DNS servers (i.e., I use the "proxy-dnssec" option) but this is not entirely secure.
Andreas Schildbach (launchpad-net-schildbach)
on 2014-08-30
| description: | updated |
Thomas Hood (jdthood)
on 2014-09-01
| description: | updated |
| Thomas Hood (jdthood) wrote : | #1 |
| Robie Basak (racb) wrote : | #2 |
Thanks Thomas! I think that's sufficient to consider this bug fixed in Utopic. If this is wrong, it can always be re-opened.
| Changed in dnsmasq (Ubuntu): | |
| status: | New → Fix Released |
| importance: | Undecided → Wishlist |
To post a comment you must log in.
Trusty has dnsmasq 2.68-1. Looking at the buildlog I don't see HAVE_DNSSEC being defined on the compiler command line.
gcc -g -O2 -fstack-protector --param=
However, in the build log of dnsmasq 2.71-1, which is in Utopic, I do see HAVE_DNSSEC being defined on the compiler command line.
gcc -g -O2 -fstack-protector --param=
I surmise, therefore, that this wish is fulfilled in Utopic.