[Dnsmasq-discuss] DNSSEC: Answer for local hosts with AD flag set?
Stéphane Guedon
stephane at 22decembre.eu
Sat Oct 3 06:53:51 BST 2015
Le vendredi 2 octobre 2015, 19:34:30 Ernst Ahlers a écrit :
> Thanks for chiming in Stephane,
>
> > Allowing dnsmasq to sign (or give a proof of authenticity) would solve
> > this
> > problem, yet I am sure it is not easy.
>
> AFAIK there's no provision yet in dnsmasq for keeping signed domains.
> After all it was never intended to be a fully fledged DNS server.
>
> So the only viable option I see now would be switching to Unbound --
> which AVM is unlikely to do IMHO.
>
> Have a nice weekend all around!
>
> Ernst
Unbound is only a resolver.
To replace dhcp and dns on lan, you might need a dhcp+bind with split mode.
Bind would then allow you also to resolve (as it's the all-in-one dns).
--
The file signature.asc is not attached to be read by you. It's a digital
signature by GPG.
If you want to know why I use it, and why you should as well, you can read my
article there:
http://www.22decembre.eu/2015/03/21/introduction-en/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20151003/af1b7aa2/attachment-0001.sig>
More information about the Dnsmasq-discuss
mailing list