I’m using a stub resolver to connect to 1.1.1.1 over TLS. Checking the DNS debug page seems to get contradictory results: it says that I’m not connected to 1.1.1.1, but the reported AS is Cloudflare. Based on my configuration, the error is that I am connected to 1.1.1.1 (and the report that I’m not is wrong), rather than the AS being wrong.
Disable DNSSEC. The test displays false negatives when your client is validating DNSSEC.
1 Like
That’d explain it. Is there an explanation for the explanation?