Cloudflare ESNI Checker - DNSSEC Failed With

Hello people,

I have a DNSSEC validation error using in firefox

I made the settings in firefox

network.trr.mode = 2
network.trr.bootstrapAddress = = true

but i still have error message with DNSSEC is it a bug? am i protected?

I am having the same problem with Cloudflared (dns-over-https) and stubby (dns-over-tls).

it’s very strange, let’s wait if someone can understand the reason

@GustavoF to re-enable DNSSEC verification in Firefox: type about:config in the address bar and then change the network.trr.mode value from 2 to 3.
I still have to figure out why cloudflared and stubby aren’t working properly with DNSSEC verification.

I found out the problem: I use Pihole and a backup DNS in case the first one is not accessible (not in a round robin fashion but with the strict-order option in dnsmasq). What happened was that the SERVAIL answer from Cloudflare triggered the Backup DNS (not DNSSEC enabled) which gave the “wrong” answer to the test.

1 Like

this is really strange but the change worked well, with the network.trr.bootstrapAddress function I think I will not have any problems disconnecting, thanks for the help.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.