I noticed that my Pi-Hole does not use any entries in the cache.
DNS cache size: 10000
DNS cache insertions: 0
DNS cache evictions: 0
In the beginning it still worked, but not anymore. Does anyone have any idea why this might be? DNSSEC is enabled. Unfortunately pihole -r and Co. did not help. Or is the behavior normal?
Token: Since I currently have another problem, a token would lead you down the wrong track, which is why I have not added one here.
Can you run pihole checkout ftl hotfix/v4.2.3 and see if that allows cache again with DNSSEC? I've just tried and it looks like cache is working again with DNSSEC enabled.
Try using another upstream as a test; I tried with your upstream and saw the same no-cache issue. Since this is related to the upstream and not FTL, I don't think this is a bug with our package.
Do you have an idea why it's an issue with some upstreams, why it's working with one but not with the other? I ask because my own upstream is affected too - no caching with DNSSEC enabled in Pi-hole v4.2.3.
I'll have to check and see if I can find any differences in the payload from the various upstreams. When I get a chance I'll run tcpdump and watch the upstream queries and responses. As Mark pointed out, if there are bugs, it's most likely to be in the dnsmasq code base as we don't change anything in there.
If you wanted to run pure dnsmasq 2.80 and run dig +short chaos txt cachesize.bind insertions.bind with your preferred upstream, that would help; it may take a bit of time before I can try that.
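The counter check suggested in the last reply, as an added example that is not part of the original thread: it takes two snapshots of the dig output (before and after a few lookups) and reports whether the cache is accepting insertions. The function names, verdict strings and sample snapshots are constructed for illustration, and the input is assumed to be one quoted TXT value per line in the order queried.

```shell
#!/bin/sh
# Snapshot format: output of
#   dig +short chaos txt cachesize.bind insertions.bind
# i.e. two lines such as "10000" and "0" (quotes included).

# Constructed sample snapshots (not taken from a real resolver).
SAMPLE_BEFORE='"10000"
"0"'
SAMPLE_AFTER_STUCK='"10000"
"0"'
SAMPLE_AFTER_OK='"10000"
"42"'

# parse_counters: read one snapshot on stdin, print "<cachesize> <insertions>".
# Fails (exit 1) if there are not exactly two numeric values.
parse_counters() {
    tr -d '"' | awk '
        NF  { if ($1 !~ /^[0-9]+$/) bad = 1; v[n++] = $1 }
        END { if (bad || n != 2) exit 1; print v[0], v[1] }'
}

# cache_verdict BEFORE AFTER: compare two snapshots and print one of
#   cache-disabled  cache size is 0, nothing can be stored
#   caching         insertions counter increased between snapshots
#   not-caching     cache has room configured but took no insertions
#   unparseable     a snapshot was not in the expected format
cache_verdict() {
    before=$(printf '%s\n' "$1" | parse_counters) || { echo "unparseable"; return 2; }
    after=$(printf '%s\n' "$2" | parse_counters)  || { echo "unparseable"; return 2; }
    # Positional parameters: $1=size_before $2=ins_before $3=size_after $4=ins_after
    set -- $before $after
    if [ "$3" -eq 0 ]; then
        echo "cache-disabled"
    elif [ "$4" -gt "$2" ]; then
        echo "caching"
    else
        echo "not-caching"
    fi
}

# Live use (resolver address 127.0.0.1 is an assumption):
#   b=$(dig +short chaos txt cachesize.bind insertions.bind @127.0.0.1)
#   ... resolve a handful of names through the same resolver ...
#   a=$(dig +short chaos txt cachesize.bind insertions.bind @127.0.0.1)
#   cache_verdict "$b" "$a"
```

Running the same comparison once per upstream, with DNSSEC enabled each time, shows which upstreams leave the insertions counter at 0.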