I'd like to have pi-hole enable DNSSEC for my traffic. From Settings>DNS I checked "Use DNSSEC" but interestingly, when I try the dig command to test, I get this but am unsure why:
% dig +dnssec debian.org
;; Truncated, retrying in TCP mode.
;; Connection to 172.17.1.250#53(172.17.1.250) for debian.org failed: connection refused.
If I watch the pihole.log when I try that dig command it does seem to be getting though...
# tail -f /run/log/pihole/pihole.log
Dec 19 15:00:26 dnsmasq[546]: query[A] debian.org from 10.9.8.228
Dec 19 15:00:26 dnsmasq[546]: forwarded debian.org to 172.17.1.1
Dec 19 15:00:26 dnsmasq[546]: dnssec-query[DS] debian.org to 172.17.1.1
Dec 19 15:00:26 dnsmasq[546]: reply debian.org is 128.31.0.62
Dec 19 15:00:26 dnsmasq[546]: reply debian.org is 130.89.148.77
Dec 19 15:00:26 dnsmasq[546]: reply debian.org is 149.20.4.15