Unbound and encryption


Expected Behaviour:

better security when visiting https://rootcanary.org/test.html

Actual Behaviour:

lots of unlocks on page, other posts I have seen have lots of locks, unsure what to do.

running FTLDNS with unbound on a pi2 raspbian stretch. router is a DD-WRT installed Linksys EA8500.

passes dnssec test http://dnssec.vs.uni-due.de/

I think I found the Fix:

however this talks to me as if I’m at the level of someone that’s competent. can someone help me with this? maybe make one of those awesome pi-hole guides for dummies like me?


Do you know this guide?

Pi-hole as All-Around DNS Solution

It contains

Configure unbound

Highlights: - Listen only for queries from the local Pi-hole installation (on port 5353) - Listen for both UDP and TCP requests - Verify DNSSEC signatures, discarding BOGUS domains - Apply a few security and privacy tricks


Yes, followed that guide, it’s how i got unbound installed. DNSSEC passes.however, from what I gather, unbound isn’t verifying certification, so theoretically you can spoof the certificate and dnssec will be useless


https://rootcanary.org/test.html is a bit strange, sometimes I have to run the test a second time. But I guess the button “Re-run test” doesn’t solve your issue?

You also can try to switch the setting “Use DNSSEC” in the Pi-hole web interface (tab “DNS”).


unfortunately no, and neither did a DNS flush. DNSSEC is enabled and working.


The DNSSEC result on the following sites is ok too?



yes, it works on those sites. DNSSEC is working.


This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.