Adding the three lines dnssec dnssec-check-unsigned trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
to dnsmasq in pfSense makes dnsmasq dnsssec aware. Is there a reason why there is no tickable box to enable this in the GUI or why it is not enabled by default? Thanks, Adrian. _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold