From 36b1544606e68c007f27e08387c6647cc7118962 Mon Sep 17 00:00:00 2001
From: Mikaela Suomalainen <mikaela+git@mikaela.info>
Date: Thu, 12 Jan 2017 12:54:52 +0200
Subject: [PATCH] dnsmasq: I don't care about breaking OpenDNS

OpenDNS should care about breaking me.
---
 etc/NetworkManager/dnsmasq.d/mikaela.conf | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/etc/NetworkManager/dnsmasq.d/mikaela.conf b/etc/NetworkManager/dnsmasq.d/mikaela.conf
index 94692558..a2d58c5c 100644
--- a/etc/NetworkManager/dnsmasq.d/mikaela.conf
+++ b/etc/NetworkManager/dnsmasq.d/mikaela.conf
@@ -9,6 +9,10 @@ listen-address=::1,127.0.0.1
 #                  dnsmasq-base on Ubuntu
 dnssec
 
-# Verify that DNSSEC is not stripped, disabled thanks to OpenDNS, to be
-# enabled if they ever stop that behaviour (I hope).
-#dnssec-check-unsigned
+# Verify that DNSSEC is not stripped. This breaks OpenDNS, but at time
+# of writing I don't care about OpenDNS as them not supporting DNSSEC is
+# their issue, not my issue.
+# https://support.opendns.com/hc/en-us/community/posts/220015487-Implement-DNSSEC
+# https://support.opendns.com/hc/en-us/community/posts/220018307-DNSSEC-on-resolver-side
+# https://support.opendns.com/hc/en-us/community/posts/220022287-support-for-DNSSEC
+dnssec-check-unsigned