I use Quad9 (filtered, DNSSEC) for the upstream DNS.
Does it hurt if I enable it in the advanced DNS settings menu?
You have to enable DNSSEC in Pi-hole so Pi-hole will do DNSSEC with that DNS server.
1 Like
On the same subject but it's about pihole unbound dns.
If I'm running unboud solution do I still enable this DNSSEC in the settings?
You don't need to do this. Unbound is doing the DNSSEC validation in this setup.
1 Like
hi, just to be clear for myself... if unbound is running, then on the pihole web interface, are you saying where it says in the 'settings' > DNS (tab) > scroll down toward its bottom there is check box for USE DNSSEC.... uncheck that if it's checked ON?
Yes. Unbound is performing the DNSSEC function.
But if I'm not mistaken, it is not an issue if you DO turn it on, right? (since one of the most recent updates of dnsmasq, this shouldn't be an issue anymore, if I recall correctly from a couple of posts on here)
When turned on, it shows the DNSSEC response in the query log, which I prefer to have...
If it causes you no problems, the leave DNNSEC enabled in Pi-hole. It will increase the size of your log file a bit.