DNSSEC validation not working with 1.1.1.1

I used to pass all the tests on https://www.cloudflare.com/ssl/encrypted-sni/
However, last week the page started to say that the resolver (1.1.1.1) is not validating responses with DNSSEC.
I haven’t changed anything on my computer. I’m using Firefox 82.0.2, Windows 10.


https://1.1.1.1/help#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJObyIsImlzRG9oIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjEuMS4xIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjAuMC4xIjoiWWVzIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTExMSI6Ik5vIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTAwMSI6Ik5vIiwiZGF0YWNlbnRlckxvY2F0aW9uIjoiRkNPIiwiaXNXYXJwIjoiTm8iLCJpc3BOYW1lIjoiQ2xvdWRmbGFyZSIsImlzcEFzbiI6IjEzMzM1In0=

Any ideas?
Thank you

Also, I just noticed that the extended test on dnsleaktest.com says I am using both Cloudflare’s servers and my ISP’s servers! How is it possible? It didn’t happen in the past.

Hi, it looks like this is because of https://bugzilla.mozilla.org/show_bug.cgi?id=1525854

Hm that page mentions network.trr.mode=2; in my about:config, I set network.trr.mode=3.
I don’t know if it’s the same bug, but I agree there must be a bug in the current stable version of Firefox.
I tried Opera on the same computer, with similar settings (except for ESNI, which is not supported by Opera), and everything is fine. So there’s a problem in Firefox.