Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Brewed DNSmasq w/DNSSEC support may not require further dnsmasq.conf configuration?
See original GitHub issueBoth verification tests passed when dnsmasq was brewed --with-dnssec. Edited dnsmasq.conf with:
# port=5369
server=127.0.0.1#5370
listen-address=127.0.0.1
# dnssec
# trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDD$
The other suggested options were included.
The dig +dnssec icann.org verification test and dig www.dnssec-failed.org test resulted in SERVFAIL when the DNSSEC options were commented in of dnsmasq.conf, e.g. trust-anchor=.
When these same options are commented out, as in # trust-anchor=, the verification tests yielded NOERROR and SERVFAIL, respectively.
Issue Analytics
- State:
- Created 7 years ago
- Comments:9 (5 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
I, too, have experienced problems with DNSSEC and did disable the feature. I’ll leave this open for a little while in case someone would like to make a strong case for continuing its use. Otherwise, I will remove or change the recommendation.
Please send a PR if there’s any need to follow-up on this issue.