dnsmasq does not support DNSSEC
The currenlty built dnsmasq (at least for armhf) does not support DNSSEC.
When adding the option —trust-anchor to the command line, it returns:
dnsmasq: unsupported option (check that dnsmasq was compiled with
DHCP/TFTP/DNSSEC/DBus support)
I’ve check the Makefile from dnsmasq and in order to support DNSSEC it requires the nettle dependencies.
Once this dependencies is added to the build system, then I’m pretty sure that dnsmasq will be built with DNSSEC support.
This affects dnsmasq 2.76 on Alpine Linux 3.5 (at least).
Note: there are a bunch of other things which will not be supported by dnsmasq unless other dependencies are added. One can find the list of dependencies in the Makefile at the root of the source tree (it is located line 54-64 for version 2.76).
Examples:
Lua is required to use the —dhcp-luascript option.
(from redmine: issue id 6949, created on 2017-03-02, closed on 2017-05-19)