Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 10:18:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add dnssec-check-unsigned to example config file.

Browse Source
This commit is contained in:
Simon Kelley
2014-03-24 21:13:49 +00:00
parent 604f7598c2
commit 56618c31f6
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
dnsmasq.conf.example
View File

@@ -25,6 +25,14 @@
#conf-file=%%PREFIX%%/share/dnsmasq/trust-anchors.conf #conf-file=%%PREFIX%%/share/dnsmasq/trust-anchors.conf
#dnssec #dnssec
# Replies which are not DNSSEC signed may be legitimate, because the domain
# is unsigned, or may be forgeries. Setting this option tells dnsmasq to
# check that an unsigned reply is OK, by finding a secure proof that a DS
# record somewhere between the root and the domain does not exist.
# The cost of setting this is that even queries in unsigned domains will need
# one or more extra DNS queries to verify.
#dnssec-check-unsigned
# Uncomment this to filter useless windows-originated DNS requests # Uncomment this to filter useless windows-originated DNS requests
# which can trigger dial-on-demand links needlessly. # which can trigger dial-on-demand links needlessly.
# Note that (amongst other things) this blocks all SRV requests, # Note that (amongst other things) this blocks all SRV requests,