From 16cc1027fb1ca20fe9e619f2092f0b4ade4e8e11 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 9 Feb 2024 21:50:30 +0100 Subject: [PATCH] DNSSEC validation should not be enabled by default - it wasn't in v5, either. The reason for this is that it may be causing issues on devices with broken/missing RTCs where NTP time synchronization relies on DNS resolution Signed-off-by: DL6ER --- src/config/config.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/config/config.c b/src/config/config.c index d03fb3b0b..454133979 100644 --- a/src/config/config.c +++ b/src/config/config.c @@ -497,7 +497,7 @@ void initConfig(struct config *conf) conf->dns.dnssec.h = "Validate DNS replies using DNSSEC?"; conf->dns.dnssec.t = CONF_BOOL; conf->dns.dnssec.f = FLAG_RESTART_FTL; - conf->dns.dnssec.d.b = true; + conf->dns.dnssec.d.b = false; conf->dns.interface.k = "dns.interface"; conf->dns.interface.h = "Interface to use for DNS (see also dnsmasq.listening.mode) and DHCP (if enabled)";