I trust somebody (DL6ER?) will translate this.
dnsmasq v2.76-5 only has a problem if you also use dnscrypt, otherwise it will work fine.
There are four states that dnsmasq will report:
- SECURE: the dns entry has valid DNSSEC records associated with it
- INSECURE: most dns entries have no DNSSEC records associated with them, but there is not really a problem, although it is not secure.
- BOGUS: The dns entry OR/AND the associated DNSSEC records have been tampered with, dnsmasq will see this -> no access
- ABANDONED: the dns entry has DNSSEC records associated with it, but they have expired -> no access
If you want to use dnsmasq + dnscrypt + DNSSEC, you need a test release of dnsmasq (v2.77test4). I have been running it for over two months now, without any problems, dnsmasq & dnscrypt work perfectly with DNSSEC enabled.
If you want to install dnsmasq v2.77test4 (on raspbian jessie lite - builds january, february, march OR april 2017) you can use this script to upgrade (somewhere near the end of the topic). Beware, the script has no error handling!
If you are working on this and would like to comment on this issue (the first item only about adding "ntpd -gq" in the start part of the dnsmasq deamon) , that would be greatly appriciated.