First time posting on this forum + have been using Pi Hole for over a year. Love it and keep up the good work.
Expected Behaviour:
Currently testing FTLDNS. Selected Cloudflare DNS and enabled DNSSEC. Expected to see results that DNSSEC is enabled and working. Note: this issue happened before switching to FTLDNS (in hope something gets resolved!).
Expected to see DNSSEC is on - https://en.internet.nl
Actual Behaviour:
https://en.internet.nl reports that DNSSEC isn't working?
https://en.internet.nl/connection/259d2d13720941329519afde9e194d77/results
Including over at: https://dnssec.vs.uni-due.de/
Debug Token:
5xc4nh9r1i
RamSet
April 11, 2018, 10:01pm
2
Check out the discussion here:
When I enable DNSSEC, some sites fail to resolve, I contacted staff on one of them asking to check what was up, and confirmed that DNSSEC was enabled and working their end, but was given this info about Cloudfare sites and advised to let you guys know
ECDSA is not without its trade-offs. According to Roland van Rijswijk-Deij et al., only 80% of resolvers support ECDSA validation. This number is growing, but it means that if we switched the entire DNSSEC Internet onto ECDSA right now, DNSSEC va…
This might solve your issue.
2 Likes
Thanks for the details @ramset ! DNSSEC is like the dark arts...
I did a clean install this evening with Raspbian lite + FTLDNS + Cloudflared (using this guide - Securing DNS across all of my devices with Pi-Hole + DNS-over-HTTPS + 1.1.1.1 - Scott Helme . Then boom, DNSSEC was up and running nicely.
Hopefully this post will help someone else.
2 Likes
system
May 3, 2018, 9:38pm
4
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.