Hello together, first off: Many thanks to Simon and all developers for a very useful tool!
I'm using dnsmasq 2.72 with DNSSEC validation on my home server (Ubuntu 14.04 LTS). During a discussion with a router manufacturer the topic of answers for local queries for local hosts came up. As far as I can see dnsmasq answers such queries without validation, i. e. not setting the AD flag: ea@swing:~$ dnsmasq --version Dnsmasq version 2.72 Copyright (c) 2000-2014 Simon Kelley Compile time options: IPv6 GNU-getopt DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect [...] ea@swing:~$ dig +dnssec bsi.bund.de @localhost | grep AUTH ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ea@swing:~$ dig +dnssec ap @localhost | grep AUTH ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 Now this is expected since I didn't sign my locally used domain. Anyway I'd like to be able to mark answers for local hosts within the local network as validated. Is there an option to enable this? Best regards Ernst -- Ernst Ahlers, Redakteur/Editor PGP-Key-ID: 0x265E 3662, plain text preferred c't - Magazin für Computertechnik www.ct.de Karl-Wiechert-Allee 10 D-30625 Hannover, Germany Phone +49 (0)511 5352 300 Fax +49 (0)511 5352 417 Heise Medien GmbH & Co. KG Registergericht: Amtsgericht Hannover HRA 26709 Persönlich haftende Gesellschafterin: Heise Medien Geschäftsführung GmbH Registergericht: Amtsgericht Hannover, HRB 60405 Geschäftsführer: Ansgar Heise, Dr. Alfons Schräder Katze 5e _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss