Debug page seems contradictory

I’m using a stub resolver to connect to 1.1.1.1 over TLS. Checking the DNS debug page seems to get contradictory results: it says that I’m not connected to 1.1.1.1, but the reported AS is Cloudflare. Based on my configuration, the error is that I am connected to 1.1.1.1 (and the report that I’m not is wrong), rather than the AS being wrong.

Disable DNSSEC. The test displays false negatives when your client is validating DNSSEC.

1 Like

That’d explain it. Is there an explanation for the explanation?

Explained here: *.is-cf.cloudflareresolve.com is not a valid DNSSEC zone