Forward most of the dns request with a SECURE return on the admin interface.
A lot of dns request are returning INSECURE. With some OK forwarded.
https://tricorder.pi-hole.net/icih1t1710
Hello there,
I used pi hole with DNSCrypt going through scaleway-fr and anon relays.
I would like to know if you can help me on my behaviour.
Best regards,
Thank you for your work and your time.
See How do I interperet the DNSSEC column in the query log? for info on DNSSEC and what the results mean.
As of Pi-hole 3.3, you can see the DNSSEC status in the query log.
SECURE are records that have been signed and verified to be unchanged from the authoritative DNS serverINSECURE are records that either have no signature or DNSSEC is not implemented for the domain; either the domain is unsigned and not implementing DNSSEC or there are other issuesBOGUS are records that have been signed but have changed or been altered from the authoritative DNS serverYou will see INSECURE, but that does not mean a bad record--just has not been implemented. BOGUS records are something to look at, either they have been altered in transit or the domain maintainer has not updated the records correctly. At present, 90% of the records you see will be INSECURE as there is not a lot of DNSSEC uptake currently.
If you see BOGUS on a test for a known bad record then things look like they are configured correctly. As more domains move to utilizing DNSSEC the INSECURE will tend to fade away, but we are a long ways away from full adoption of the technology.
I've take a look at the doc, but i prefer to be certain. Thank you for your answer !
As extra question, do you know how can i really be sure that my dns request are encrypted by DNSCrypt from my Pi ?
Regards.
No, I don't. You'd need to ask the DNSCrypt folks about that.
Will do !
Thank you again.
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.