> Is unbound-anchor fairly stand-alone? Maybe run unbound-anchor and > then covert the format of the resulting trust-anchors file would be > a viable solution? Fairly, yes, but: if people can run unbound-anchor they have Unbound, so what would be the point of dnsmasq as a validator? ;-) -JP