Expected Behaviour:
Docker mpgirro / docker-pihole - unbound 2025.08.0
DNSSEC tests confirms working. How to fix Insecure messaging as displayed in Query Log?
= Custom DNS server entered as 127:0.0.1#5335
= Use DNSSEC checked
Actual Behaviour:
Despite these settings, INSECURE persists under DNSSEC status for Windows, cell phone and other networked devices on local LAN.
It may well be that you have only observed those clients querying domains which do not use DNSSEC.
Try going to Query Log and selecting 1,000 Recent Queries in the drop-down.
Then go to Advanced filtering and select a Client (eg your Windows machine) and DNSSEC status as SECURE. Then hit Refresh.
You may find this reveals that your Windows computer (and repeat for your phone, etc) is requesting some domains which use DNSSEC.
Done, set for Secure; but being humble here, not sure exactly what I am seeing. I do see a lot of entries under Domain being example.org. Lots of them.
Doing the same but with Insecure, domains like edge.microsoft.com show up as well as discourse.pi-hole.net (which is this very site).
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.