infinet
commented
6 years ago Thanks Roy. New DNSSEC trust-anchor merged from upstream.
https://github.com/infinet/dnsmasq/commit/15e4c18e7aacaaa3f77dae8c13aba0bcc69cdcc6
Please note, the purpose of this fork is to improve lookup performance. It is more like scratch my own itch. It has not caught up with the upstream dnsmasq, which has many bug fix and improvement on DNSSEC. Users need DNSSEC better switch to the original dnsmasq.
Users of your software that enable DNSSEC will not be able to validate DNS after October the 11th 2018.
Your repository contains a trust-anchors.conf file without the new DNSSEC trust-anchors:
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
It should also include:
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
More information can be found at: https://www.icann.org/resources/pages/ksk-rollover
Please don’t hesitate to get in touch.
Warmly,
Roy Arends ICANN