Google DNSSEC vs Pi-Hole's?

Is there any point in enabling DNSSEC if using Google as your upstream resolver, who validates it already? Is it mainly for use with non-DNSSEC resolvers?

There are many articles out there, regarding DNSSEC.
A quote from one of these articles

Ideally, the DNSSEC validation will occur as close as possible to the end user (either a person or a device) so that the attack surface where an attacker could inject bogus DNS packets is minimized.

If you are using raspbian (version february 2017) and want to implement DNSSEC, read this topic to get a working solution.

1 Like