I was going through each configuration option for my Pi-hole docker container, and I decided to do a little digging into DNSSEC since I had seen it a few times but had no idea what it was.
After reading this article, I had some questions about how DNSSEC works with the Pi-hole and how it interacts with the public DNSs.
- If the DNSSEC flag is set to false, will upstream DNSs still use DNSSEC if they support it?
- Does the DNSSEC on Pi-hole only authenticate LAN resolutions?
- Why isn't DNSSEC enabled by default, i.e., what are the downsides to DNSSEC that led the Pi-hole developers to disable it by default?
- What should I be aware of before enabling it in my configuration?
I'm loving learning about Pi-hole and networking. Thanks all for this brilliant, open-source software
Cheers,
Matt