I've seen a article in a German computer magazine explaining the way to use dnsmasq to ensure DNSSEC (to the uplink) for all clients which do not use DNSSEC. The release of dnsmasq in testing seems to support this. A backport seems to be possible, but I don't understand the way DEB_BUILD_OPTIONS should be used. Is DNSSEC enabled by default? If not, how should I use DEB_BUILD_OPTIONS to enabled it? Anyone out there who has experiences with DNSSEC and dnsmasq?