I think you meant dnsmasq not DNSSEC but I’m curious if you can elaborate? I’m facing Knot issues:
And would work around it by using dnsmasq if I can’t find a resolution. But you’re suggesting that it’s bad idea because dnsmasq does not support DNSSEC. I’d rather have a working resolver without DNSSEC than no resolver though so that puts me in a bind doesn’t it? And I’m curious what the consequence is of running without DNSSEC.
Further, it looks like dnsmasq does support DNSSEC:
The Omnia shipped (to me) with dnsmasq version 2.73, and it’s up to 2.77 but 2.73 supports DNSSEC:
and it’s being actively developed:
So I’m left wondering why is Knot even in the equation here? But why would dropping be a bad idea when dnsmasq does DNSSEC? And is there a simple way to drop Knot, use dnsmasq, and ensure the Forris and LuCI interfaces work well with that?
It would seem /etc/config/resolver is the key and perhaps /etc/init.d/resolver as OpenWRT has a clean UCI driven configuration system I guess.