[Dnsmasq-discuss] Feature request: allow to enable/disable --dnssec-check-unsigned per upstream server

Rene Bartsch ml at bartschnet.de
Fri Aug 29 08:59:27 BST 2014


I'm running Dnsmasq with DNSSEC-validation and "--dnssec-check-unsigned" 
enabled. "server=/onion/" forwards .onion-queries to the 
TOR-resolver. Unfortunately the TOR-resolver provides A-RRs only. So 
resolving .onion-domains fails when "--dnssec-check-unsigned" is 

Please extend "--dnssec-check-unsigned" with an option for the server 
address and port.

"dnssec-check-unsigned" would enable for all upstream servers.

"dnssec-check-unsigned=" would enable only for

Best regards,


More information about the Dnsmasq-discuss mailing list