New issue by uhohspaghetios on void-packages repository

https://github.com/void-linux/void-packages/issues/50904

Description:
I see no reason dnsmasq should not be built with DNSSEC support.
https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en

At present even when forwarding DNS requests to, for example, 9.9.9.9 or 1.1.1.1 caching nameservers with DNSSEC support, the result on the local network is no DNSSEC protection.

For example, if you try to get an IP using dig or any other method of dnssec-failed.org, it should not return a ping because the DNSSEC is signed with an invalid key.  If your system returns an IP address for this domain name, you are at risk of DNS poisoning.