DNSSEC Validation

According to Cloudflare Browser Check it appears that 1.1.1.1 does not validate DNSSEC signed responses but yet the DNS is secure.

How can it be verified secure if it doesn’t validate the DNSSEC responses?

image1201×366 37.9 KB

Can you post the results of https://1.1.1.1/help?

If it looks something like mine:
https://1.1.1.1/help#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJObyIsImlzRG9oIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjEuMS4xIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjAuMC4xIjoiWWVzIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTExMSI6Ik5vIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTAwMSI6Ik5vIiwiZGF0YWNlbnRlckxvY2F0aW9uIjoiTEFYIiwiaXNXYXJwIjoiTm8iLCJpc3BOYW1lIjoiQ2xvdWRmbGFyZSIsImlzcEFzbiI6IjEzMzM1In0=

It should pass DNSSEC:

Screen Shot 2020-06-15 at 3.27.45 PM2552×1628 415 KB

https://1.1.1.1/help#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJObyIsImlzRG9oIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjEuMS4xIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjAuMC4xIjoiWWVzIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTExMSI6IlllcyIsInJlc29sdmVySXAtMjYwNjo0NzAwOjQ3MDA6OjEwMDEiOiJZZXMiLCJkYXRhY2VudGVyTG9jYXRpb24iOiJMSFIiLCJpc1dhcnAiOiJObyIsImlzcE5hbWUiOiJTa3kgQnJvYWRiYW5kIiwiaXNwQXNuIjoiNTYwNyJ9

The only difference I can see between my result and yours is that I have connectivity to the resolvers over IPv6 as well as IPv4.

EDIT: I just noticed on yours it shows the AS Name as Cloudflare and the AS Number as 13335 whereas on mine it shows my actual ISP