Dnsmasq supports validating DNSSEC since version 2.69, Bugs have been fixed since version 2.71.
Please update Ubuntu packages to 2.71 and compile with DNSSEC support (see http://www.thekelleys.org.uk/dnsmasq/CHANGELOG)! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/995332 Title: Please enhance NetworkManager such that DNSSEC validation is done whenever possible Status in “dnsmasq” package in Ubuntu: Invalid Status in “network-manager” package in Ubuntu: Triaged Bug description: Network Manager in Precise uses a local forwarding DNS server (dnsmasq). This does not perform DNSSEC validation, although it is configured to proxy the DNSSEC validation result from the upstream server, for which the manpage mentions the following caveat: "You should only do this if you trust all the configured upstream nameservers and the network between you and them." Since not all networks or upstream DNS servers are trustworthy, the safest place to perform DNSSEC validation is on the client. Using a local DNS server which cannot validate is a missed opportunity; by replacing dnsmasq with a more-capable DNS server (e.g. Unbound) security against DNS poisoning and MITM attacks could be improved. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/995332/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
