The issue I am facing:
For local hosts DNS queries, but also for external domains, the Query Log shows Status: OK (cache) INSECURE.
Am I doing something wrong?
Details about my system:
pi-hole v5.11.4
What I have changed since installing Pi-hole:
No.
INSECURE just means that the authoritative DNS server for a given domain does not offer digitally signed DNS records, so DNSSEC validation cannot be performed at all.
It's only when such a DNS server supports DNSSEC that Pi-hole could distinguish between autthentic SECURE DNS records and compromised BOGUS ones.
Without DNSSEC validation, Pi-hole cannot establish whether the integrity of DNS records has been compromised or not. Consequently, the DNS records are exactly as reliable as with plain DNS.
See also Understanding DNSSEC validation using Pi-hole's Query Log.
Thanks
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.