From 0778b79ffc7054984b6fa36cb3e4caabd7ac7ab1 Mon Sep 17 00:00:00 2001
From: Daniel Brooks <bass_rock@me.com>
Date: Sun, 6 Jan 2019 16:08:12 -0800
Subject: [PATCH 1/2] Switching to dnsmasq-dnssec

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 06d7898..c35bdbb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,7 +5,7 @@ ENV WEBPROC_VERSION 0.2.2
 ENV WEBPROC_URL https://github.com/jpillora/webproc/releases/download/$WEBPROC_VERSION/webproc_linux_amd64.gz
 # fetch dnsmasq and webproc binary
 RUN apk update \
-	&& apk --no-cache add dnsmasq \
+	&& apk --no-cache add dnsmasq-dnssec \
 	&& apk add --no-cache --virtual .build-deps curl \
 	&& curl -sL $WEBPROC_URL | gzip -d - > /usr/local/bin/webproc \
 	&& chmod +x /usr/local/bin/webproc \

From 50321e85a75c64e7b13fc73a87af2d776ea2e336 Mon Sep 17 00:00:00 2001
From: Daniel Brooks <bass_rock@me.com>
Date: Sun, 6 Jan 2019 16:16:55 -0800
Subject: [PATCH 2/2] Adding DNSSec conf

---
 dnsmasq.conf | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/dnsmasq.conf b/dnsmasq.conf
index d2c0e3c..02bf5b1 100644
--- a/dnsmasq.conf
+++ b/dnsmasq.conf
@@ -4,6 +4,11 @@
 log-queries
 #dont use hosts nameservers
 no-resolv
+# DNSSEC setup
+dnssec
+trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
+trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
+dnssec-check-unsigned
 #use cloudflare as default nameservers, prefer 1^4
 server=1.0.0.1
 server=1.1.1.1