DNSSEC bogus (false positiv)

meadows · April 10, 2024, 3:25pm

Hardware: Raspi 4 with 2GB RAM
SW: DietPi_RPi-ARMv8-Bookworm latest
Pi-hole version is v5.18.2 (Latest: v5.18.2)
web version is v5.21 (Latest: v5.21)
FTL version is v5.25.1 (Latest: v5.25.1)

Expected Behaviour:

DNSSEC option replies a validated dns record for the domain netadata.cloud

Actual Behaviour:

If I disable the DNSSEC option in the admin panel I receive a validated connection to netdata.cloud.

Debug Token:

https://tricorder.pi-hole.net/WqEqWHb1/

wd9895 · April 10, 2024, 3:42pm

It also works with pihole

First check your pi time. DNSSEC is critical on an exact system time.

meadows · April 10, 2024, 3:46pm

chronyc tracking
Reference ID : C3C98961 (defiant.tlercher.de)
Stratum : 3
Ref time (UTC) : Wed Apr 10 15:43:47 2024
System time : 0.000109454 seconds fast of NTP time
Last offset : -0.000095844 seconds
RMS offset : 0.000141836 seconds
Frequency : 18.242 ppm fast
Residual freq : -0.003 ppm
Skew : 0.049 ppm
Root delay : 0.022367956 seconds
Root dispersion : 0.001920434 seconds
Update interval : 1041.5 seconds
Leap status : Normal

timedatectl status
Local time: Wed 2024-04-10 17:49:03 CEST
Universal time: Wed 2024-04-10 15:49:03 UTC
RTC time: n/a
Time zone: Europe/Berlin (CEST, +0200)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no

meadows · April 10, 2024, 5:15pm

system · May 1, 2024, 5:15pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.