Unbound and encryption


Expected Behaviour:

better security when visiting https://rootcanary.org/test.html

Actual Behaviour:

Lots of unlocks on the page; other posts I have seen have lots of locks. Unsure what to do.

Running FTLDNS with unbound on a Pi 2 with Raspbian Stretch. The router is a Linksys EA8500 with DD-WRT installed.

Passes the DNSSEC test at http://dnssec.vs.uni-due.de/

I think I found the Fix:

However, this talks to me as if I’m at the level of someone that’s competent. Can someone help me with this? Maybe make one of those awesome Pi-hole guides for dummies like me?


Do you know this guide?

Pi-hole as All-Around DNS Solution

It contains

Configure unbound

Highlights:
- Listen only for queries from the local Pi-hole installation (on port 5353)
- Listen for both UDP and TCP requests
- Verify DNSSEC signatures, discarding BOGUS domains
- Apply a few security and privacy tricks


Yes, I followed that guide; it’s how I got unbound installed. DNSSEC passes. However, from what I gather, unbound isn’t verifying certification, so theoretically you can spoof the certificate and DNSSEC will be useless.


https://rootcanary.org/test.html is a bit strange, sometimes I have to run the test a second time. But I guess the button “Re-run test” doesn’t solve your issue?

You also can try to switch the setting “Use DNSSEC” in the Pi-hole web interface (tab “DNS”).


Unfortunately no, and neither did a DNS flush. DNSSEC is enabled and working.


The DNSSEC result on the following sites is ok too?



Yes, it works on those sites. DNSSEC is working.