[Dnsmasq-discuss] DNSSEC

clemens fischer ino-news at spotteswoode.dnsalias.org
Thu Jul 22 21:25:20 BST 2010


Simon Kelley wrote:

> Tim Ashby wrote:
>
>> Will dnsmasq be supporting DNSSEC any time soon? Is it currently in
>> development?
> 
> What do you mean by "support"? Dnsmasq follows the guidelines for DNS
> proxies in RFC 5625 so that it won't get in the way of a DNSSEC-aware
> resolver which is channeling queries through dnsmasq.
> 
> More support than that (for local DNS records, for instance) is not in
> the plan.

I imagine he meant validation of signed records, traversing the DS chain
etc.  My answer would be:  this is not what dnsmasq is for.  People
should use bind9, unbind or somesuch for that.


clemens




More information about the Dnsmasq-discuss mailing list