I’m running raspbian Jessie lite, version 2017-01-11, on a raspberry pi 3 model B.
I’ve enabled DNSSEC validation.
Dnsmasq reports the following: validation archive.raspberrypi.org is ABANDONED
As a result, a simple sudo apt-get update fails, error message: Failed to fetch http://archive.raspberrypi.org/debian/dists/jessie/InRelease Could not resolve 'archive.raspberrypi.org' Some index files failed to download. They have been ignored, or old ones used instead.
I've already sent a mail to raspberrypi.org, but who knows when this will be fixed, thus the warning.
I've read this topic and would like to know if the pihole developers support this solution, maybe even consider making it an option?
I'm not so sure if that is a good idea. It will configure the device running Pi-hole to actually bypass any of your settings: no DNSSEC (why did you enable it then?), no blocking lists, no blacklists, etc.
While this might lead to a situation where you can install updates on your Pi-hole you will still not be able to update other Raspberry Pis in your local network that would still use the Pi-hole as their DNS server.
In this case, I'd suggest to completely disable DNSSEC for the time being. Note that it is disabled by default on fresh installations.
Update:
There is nothing wrong with the DNSSEC entries for the domain archive.raspberrypi.org
It tuns out even dnsmasq 2.76-5 has a problem with DNSSEC, thus the false ABONDONED message.
There is a solution, you can read about it here.
Apologies for the insinuation the domain entries would be incorrect.