[Dnsmasq-discuss] Feature request: allow to enable/disable --dnssec-check-unsigned per upstream server
Rene Bartsch
ml at bartschnet.de
Fri Aug 29 08:59:27 BST 2014
Hi,
I'm running Dnsmasq with DNSSEC-validation and "--dnssec-check-unsigned"
enabled. "server=/onion/127.0.0.1#9053" forwards .onion-queries to the
TOR-resolver. Unfortunately the TOR-resolver provides A-RRs only. So
resolving .onion-domains fails when "--dnssec-check-unsigned" is
enabled.
Please extend "--dnssec-check-unsigned" with an option for the server
address and port.
"dnssec-check-unsigned" would enable for all upstream servers.
"dnssec-check-unsigned=127.0.0.1#9053" would enable only for
127.0.0.1#9053.
--
Best regards,
Renne
More information about the Dnsmasq-discuss
mailing list