[ISSUE] dnsmasq needs to be built with DNSSEC support

Github messages for voidlinux
 help / color / mirror / Atom feed

From: uhohspaghetios <uhohspaghetios@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: [ISSUE] dnsmasq needs to be built with DNSSEC support
Date: Thu, 20 Jun 2024 19:48:40 +0200	[thread overview]
Message-ID: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-50904@inbox.vuxu.org> (raw)

[-- Attachment #1: Type: text/plain, Size: 724 bytes --]

New issue by uhohspaghetios on void-packages repository

https://github.com/void-linux/void-packages/issues/50904

Description:
I see no reason dnsmasq should not be built with DNSSEC support.
https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en

At present even when forwarding DNS requests to, for example, 9.9.9.9 or 1.1.1.1 caching nameservers with DNSSEC support, the result on the local network is no DNSSEC protection.

For example, if you try to get an IP using dig or any other method of dnssec-failed.org, it should not return a ping because the DNSSEC is signed with an invalid key.  If your system returns an IP address for this domain name, you are at risk of DNS poisoning.

next             reply	other threads:[~2024-06-20 17:48 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-06-20 17:48 uhohspaghetios [this message]
2024-06-23 11:08 ` dnsmasq: enable DNSSEC build option by default piekay
2024-06-26 13:53 ` uhohspaghetios
2024-06-26 13:53 ` uhohspaghetios
2024-06-26 13:54 ` uhohspaghetios
2024-06-26 14:05 ` classabbyamp
2024-06-26 15:23 ` [ISSUE] [CLOSED] " classabbyamp

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-50904@inbox.vuxu.org \
    --to=uhohspaghetios@users.noreply.github.com \
    --cc=ml@inbox.vuxu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).