diff --git a/make/dnsmasq/patches/030-support_dnssec_timestamp_on_readonly_fs.patch b/make/dnsmasq/patches/030-support_dnssec_timestamp_on_readonly_fs.patch
new file mode 100644
index 0000000000..14580f8704
--- /dev/null
+++ b/make/dnsmasq/patches/030-support_dnssec_timestamp_on_readonly_fs.patch
@@ -0,0 +1,81 @@
+--- src/dnsmasq.c
++++ src/dnsmasq.c
+@@ -1457,8 +1457,7 @@
+ 	/* update timestamp file on TERM if time is considered valid */
+ 	if (daemon->back_to_the_future)
+ 	  {
+-	     if (utimes(daemon->timestamp_file, NULL) == -1)
+-		my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
++		update_timestamp_amtime();
+ 	  }
+ #endif
+ 
+--- src/dnsmasq.h
++++ src/dnsmasq.h
+@@ -1060,6 +1060,7 @@
+ #ifdef HAVE_DNSSEC
+   struct ds_config *ds;
+   char *timestamp_file;
++  int timestamp_file_is_on_readonly_fs;
+ #endif
+ 
+   /* globally used stuff for DNS */
+@@ -1230,6 +1231,7 @@
+ size_t filter_rrsigs(struct dns_header *header, size_t plen);
+ unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name);
+ int setup_timestamp(void);
++void update_timestamp_amtime(void); /* sets atime and mtime of the timestamp_file to the current time */
+ 
+ /* crypto.c */
+ const struct nettle_hash *hash_find(char *name);
+--- src/dnssec.c
++++ src/dnssec.c
+@@ -145,6 +145,7 @@
+   struct stat statbuf;
+   
+   daemon->back_to_the_future = 0;
++  daemon->timestamp_file_is_on_readonly_fs = 0;
+   
+   if (!daemon->timestamp_file)
+     return 0;
+@@ -156,8 +157,7 @@
+       if (difftime(timestamp_time, time(0)) <=  0)
+ 	{
+ 	  /* time already OK, update timestamp, and do key checking from the start. */
+-	  if (utimes(daemon->timestamp_file, NULL) == -1)
+-	    my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
++	  update_timestamp_amtime();
+ 	  daemon->back_to_the_future = 1;
+ 	  return 0;
+ 	}
+@@ -185,6 +185,20 @@
+   return -1;
+ }
+ 
++void update_timestamp_amtime(void)
++{
++	if (!daemon->timestamp_file || daemon->timestamp_file_is_on_readonly_fs)
++		return;
++
++	if (utimes(daemon->timestamp_file, NULL) == -1) {
++		if (errno == EROFS) {
++			daemon->timestamp_file_is_on_readonly_fs = 1;
++		} else {
++			my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
++		}
++	}
++}
++
+ /* Check whether today/now is between date_start and date_end */
+ static int check_date_range(u32 date_start, u32 date_end)
+ {
+@@ -202,8 +216,7 @@
+     {
+       if (daemon->back_to_the_future == 0 && difftime(timestamp_time, curtime) <= 0)
+ 	{
+-	  if (utimes(daemon->timestamp_file, NULL) != 0)
+-	    my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
++	  update_timestamp_amtime();
+ 	  
+ 	  my_syslog(LOG_INFO, _("system time considered valid, now checking DNSSEC signature timestamps."));
+ 	  daemon->back_to_the_future = 1;