DNSSEC always causes errors on my pihole set up and end up disabling it. The upstream is DoH though (via dnscrypt) so it’s technically DNSSEC but without the clients seeing the authentication. That’s enough for me.
At some point, I fully expect apps and websites to begin resolving DNS directly instead of relying on the OS to provide resolution services. At that point our options will be to wholesale block IP addresses at the router.
DNSSEC always causes errors on my pihole set up and end up disabling it. The upstream is DoH though (via dnscrypt) so it’s technically DNSSEC but without the clients seeing the authentication. That’s enough for me.
At some point, I fully expect apps and websites to begin resolving DNS directly instead of relying on the OS to provide resolution services. At that point our options will be to wholesale block IP addresses at the router.