Usual dnssec confusion

Please follow the below template, it will help us to help you!

Expected Behaviour:

Using Pi-hole v5.1.2 on raspberry pi.
Do not have unbound installed.
Using Quad9 (filtered, DNSSEC) under upstream dns servers.
Unchecking "use dnssec" everything works fine since I'm assuming Quad9 is doing the dnssec validation (although if so that leads to confusion as to whether or not a user should still check "on" use dnnsec as the instructions seem to indicate I should, regardless if using a Dnssec-capable dns server.) checking at shows thumbs up in this scenario.

Actual Behaviour:

Using the above setup, when I click "on" use dnssec together with Quad9 (filtered, DNSSEC) only shows a thumbs up, any other side cannot reach.

Debug Token:

Cannot upload debug log with "use dnssec" box checked as doing so does not give me an internet connection. Pleas advise as I do have the logs locally.

##Addtional information:
when updating Gravity see following messages:

  [✗] Status: Connection Refused
  [i] Target:
  [✗] Status: Connection Refused
  [✗] List download failed: using previously cached list

when attempting to update via ssh pihole -up get these errors although I can see web pages elsewhere:

pihole -up
  [i] Checking for updates...
fatal: unable to access '': Could not resolve host:
  [i] Pi-hole Core:	up to date
fatal: unable to access '': Could not resolve host:
  [i] Web Interface:	up to date
  [i] FTL:		update available

  [i] FTL out of date, it will be updated by the installer.

  [✓] Root user check

  [✓] Update local cache of available packages
  [i] Existing PHP installation detected : PHP version 7.3.19-1~deb10u1
  [i] Performing unattended setup, no whiptail dialogs will be displayed
  [✓] Disk space check

  [✓] Checking apt-get for upgraded packages... up to date!

  [i] Installer Dependency checks...
  [✓] Checking for dhcpcd5
  [✓] Checking for git
  [✓] Checking for iproute2
  [✓] Checking for whiptail
  [✓] Checking for dnsutils

dig: couldn't get address for '': failure

  Unable to complete update, please contact Pi-hole Support

Let's check and see if your Pi-hole host is using Pi-hole for DNS.

cat /etc/resolv.conf

Thank you for the prompt response. The result of that command is:
cat /etc/resolv.conf

Generated by resolvconf


Now, my router is
My pihole is
and in my router I have set the lan dns server as and also in the router the WAN dns setting the same.

Edit file /etc/dhcpcd.conf and change the nameserver to Cloudflare or Quad 9 or other of your choice.

Then restart dhcpcd.

This will make the Pi independent of Pi-hole status.

Thank you I will try and report back.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.