Pi-Hole doesn't use the DNS Cache with DNSSEC enabled. Why?

Hi again.

I noticed that my Pi-Hole does not use any entries in the cache.

DNS cache size: 10000
DNS cache insertions: 0
DNS cache evictions: 0

In the beginning, that still worked, not anymore. Does anyone have any idea why this might be? DNSSEC is enabled. Unfortunately pihole -r and Co. did not help. Or is the behavior normal?

Token: Since I currently have another problem, a token would lure you onto the wrong track, which is why I have not added one here.

Thank you very much.

Had the same problem with v4.1.2 and DNSSEC enabled, and still have it with v4.2.1.
I have DNSSEC disabled now.

As noted above by @mibere there have been problems with cache and DNSSEC.

Which upstream DNS servers are you using, and can you disable DNSSEC and see if the problem resolves?

Thanks for your answers.

I use AS250.net Foundation (https://as250.net/) as upstream.
I'll test it without DNSSEC when I am home again.

Yes, without DNSSEC the DNS Cache is working.
Are the devs working on this issue?

DNSSEC and the DNS cache are implemented by dnsmasq. If there's a bug in those areas, it is a dnsmasq bug, not a Pi-hole bug.


Can you run pihole checkout ftl hotfix/v4.2.3 and see if that allows cache again with DNSSEC. I've just tried and it looks like cache is working again with DNSSEC enabled.


@DanSchaper Hi! Thanks for your answer. I updated to 4.2.3 but that changes nothing.

DNS cache insertions: 0

Sure, I surfed a little bit!

Without DNSSEC it works instantly. Do you have any news about this?


@DanSchaper

The DNS server I use is AS250.net with full DNSSEC support. The DNS server is the only difference I can see.

Try using another upstream as a test, I tried with your upstream and saw the same no cache issue. Since this is related to the upstream and not FTL I don't think this is a bug with our package.

@DanSchaper Yep, it's the upstream server. With Quad9 it works as you said.

That's good news, but bad news for me. I loved my upstream :(.

Thank you very much for your help and the great work.

Do you have an idea why it's an issue with some upstream, why it's working with one but not with the other? I ask because my own upstream is affected too - no caching with enabled DNSSEC in Pi-hole v4.2.3.

I'll have to check and see if I can find any differences in the payload from the various upstreams. When I get a chance I'll run tcpdump and watch the upstream queries and responses. As Mark pointed out, if there are bugs it's most likely to be in the dnsmasq code base, as we don't change anything in there.

If you wanted to run pure dnsmasq 2.80 and run dig +short chaos txt cachesize.bind insertions.bind with your preferred upstream that would help; it may take a bit of time before I can try that.
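As an added example (not the poster's command and not Pi-hole's own code), a small Python script that automates the check suggested above: it reads dnsmasq's CHAOS-class counters with dig, resolves a few names through the server, reads the counters again and classifies whether answers are actually being inserted into the cache. The server address and the test names are assumptions.

```python
#!/usr/bin/env python3
"""Probe whether dnsmasq (Pi-hole FTL) is inserting answers into its cache.

dnsmasq publishes its cache counters as TXT records in the CHAOS class, so they
can be read with dig before and after a batch of lookups. If the batch resolves
but insertions.bind does not move, answers are not being cached.
"""
import subprocess
from typing import Dict, List

# Counter names dnsmasq answers in the CHAOS class.
COUNTERS = ("cachesize.bind", "insertions.bind", "evictions.bind", "misses.bind", "hits.bind")

def parse_short_txt(output: str) -> int:
    """Parse a `dig +short chaos txt <counter>` reply such as '"42"\\n' into an int."""
    value = output.strip().strip('"')
    if not value.lstrip("-").isdigit():
        raise ValueError(f"unexpected dig output: {output!r}")
    return int(value)

def read_counters(server: str = "127.0.0.1") -> Dict[str, int]:
    """Read every counter with one dig call each (needs dig on PATH; not run in tests)."""
    stats = {}
    for name in COUNTERS:
        out = subprocess.run(["dig", "+short", f"@{server}", "chaos", "txt", name],
                             capture_output=True, text=True, check=True).stdout
        stats[name] = parse_short_txt(out)
    return stats

def verdict(before: Dict[str, int], after: Dict[str, int], lookups: int) -> str:
    """Classify the counter change across `lookups` distinct, resolvable names."""
    inserted = after["insertions.bind"] - before["insertions.bind"]
    missed = after["misses.bind"] - before["misses.bind"]
    if inserted >= lookups:
        return "caching"          # every miss was stored for reuse
    if missed > 0 and inserted == 0:
        return "not-caching"      # queries were forwarded but nothing was stored
    if inserted > 0:
        return "partial"          # only some answers stored (short TTL, negative answers)
    return "inconclusive"         # nothing moved; the names may already have been cached

def probe(server: str, names: List[str]) -> str:
    """Read counters, resolve each name once through the server, read again, classify."""
    before = read_counters(server)
    for n in names:
        subprocess.run(["dig", "+short", f"@{server}", n, "A"], capture_output=True, check=True)
    return verdict(before, read_counters(server), len(names))

if __name__ == "__main__":
    # Assumed server and constructed test names; pick names not looked up recently.
    print(probe("127.0.0.1", ["example.com", "example.net", "example.org"]))
```

Run it once with DNSSEC enabled and once disabled against the same upstream; the "not-caching" verdict with DNSSEC on reproduces the symptom in this thread.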
