Change default for dnssec-check-unsigned.

2025-12-19 10:18:25 +00:00 · 2018-04-15 16:20:52 +01:00
parent 4e72fec660
commit a6918530ce
6 changed files with 45 additions and 19 deletions
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -768,7 +768,10 @@ int main (int argc, char **argv)
 	  _exit(0);
 	}
      
-      my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
+      if (option_bool(OPT_DNSSEC_IGN_NS))
+	my_syslog(LOG_INFO, _("DNSSEC validation enabled but all unsigned answers are trusted"));
+      else
+	my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
      
      daemon->dnssec_no_time_check = option_bool(OPT_DNSSEC_TIME);
      if (option_bool(OPT_DNSSEC_TIME) && !daemon->back_to_the_future)