Translations:Dnsmasq/72/en

dnssec-check-unsigned }}
 * 1) Replies which are not DNSSEC signed may be legitimate, because the domain
 * 2) is unsigned, or may be forgeries. Setting this option tells dnsmasq to
 * 3) check that an unsigned reply is OK, by finding a secure proof that a DS
 * 4) record somewhere between the root and the domain does not exist.
 * 5) The cost of setting this is that even queries in unsigned domains will need
 * 6) one or more extra DNS queries to verify.