Hey,
I'm running pihole v.5.1.1 with Cloudflared as in this doc.
https://docs.pi-hole.net/guides/dns-over-https/
I'm noticing if I have DNSSEC enabled in Pihole DNSSEC is not enabled and does not validate and DOH is not being used when testing to https://1.1.1.1/help, however if i disable DNSSEC. DNSSEC does validate properly also employees doh.
I would leave DNSSEC disabled in Pi-Hole. I don't think it's a Pi-hole bug, but is a Cloudflare DoH checker bahavior.
You might be right, I'm not sure where fault lies. I always try to have DNSSEC validation as close to end user as possible which is best practice for implementation.
Stange that DoH also did not validate correctly with dnssec enabled on 127.0.0.1#5053 as only resolver.