Set-up cloudflared as a proxy, still "You may not be using secure DNS."

Hi community,

I hope that you can help me. I am using my Raspberry Pi 4 as a Pi-hole and DNS resolver. Pi-hole works great, and 1.1.1.1 by itself works great too, but I would like to get the whole nine yards and use DNSSEC and Secure DNS with it too.

DNSSEC is working, but it looks like I cannot get Secure DNS to work, as the test always shows "You may not be using secure DNS."

I have Cloudflare running on 127.0.0.1 of my Raspberry on port 5053; the DNS resolver gets forwarded from 53 to 5053 for the proxy set-up according to the "cloudflared (DoH) - Pi-hole documentation", and the test was done in Safari on macOS Big Sur:

I added the requested logs and some, can you please help me figure out what could be wrong? Thanks!

As I cannot post the logs (“Only four links for new members.”) and there seems to be no way to attach the logs I add them bit by bit and on request:

dig @127.0.0.1 -p 5053 google.com

; <<>> DiG 9.11.5-P4-5.1+deb10u3-Raspbian <<>> @127.0.0.1 -p 5053 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49075
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 161 IN A 172.217.22.238

;; Query time: 13 msec
;; SERVER: 127.0.0.1#5053(127.0.0.1)
;; WHEN: Tue Mar 23 18:55:35 CET 2021
;; MSG SIZE rcvd: 65#

curl -H 'accept: application/dns-json' 'https://cloudflare-dns.com/dns-query?name=cloudflare.com&type=AAAA'

{"Status":0,"TC":false,"RD":true,"RA":true,"AD":true,"CD":false,"Question":[{"name":"cloudflare.com","type":28}],"Answer":[{"name":"cloudflare.com","type":28,"TTL":93,"data":"2606:4700::6810:85e5"},{"name":"cloudflare.com","type":28,"TTL":93,"data":"2606:4700::6810:84e5"}]}
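
Added example, not part of the original post: a Python check that sends a DNSSEC-enabled query (EDNS0 with the DO bit) to the local listener described above and decodes the reply header flags that dig prints. It assumes the 127.0.0.1:5053 listener from the post; the function names are hypothetical.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Encode a DNS query with RD set and an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD, 1 question, 1 additional
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # QTYPE, class IN
    # OPT RR: root name, TYPE 41, CLASS = UDP size 4096, TTL carries flags (DO = 0x8000)
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0x00008000, 0)
    return header + question + opt

def parse_header(msg):
    """Decode the 12-byte DNS header into the flags dig prints (qr rd ra ad ...)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
        "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
        "ad": bool(flags & 0x0020), "cd": bool(flags & 0x0010),
        "rcode": flags & 0x000F, "answers": answers,
    }

def check_proxy(name="cloudflare.com", host="127.0.0.1", port=5053, timeout=3.0):
    """Query the local listener over UDP and return the parsed reply header."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (host, port))
        reply, _ = sock.recvfrom(4096)
    hdr = parse_header(reply)
    if not hdr["qr"] or hdr["id"] != 0x1234:
        raise ValueError("reply does not match the query sent")
    return hdr

# Header rebuilt by hand from the dig output in the post: id 49075, flags qr rd ra.
DIG_HEADER = bytes.fromhex("bfb381800001000100000001")
# Constructed sample: the same header shape with the AD (authenticated data) bit set.
AD_HEADER = bytes.fromhex("123481a00001000100000001")

if __name__ == "__main__":
    print("dig header :", parse_header(DIG_HEADER))
    print("AD sample  :", parse_header(AD_HEADER))
    try:
        print("live proxy :", check_proxy())
    except (OSError, ValueError) as exc:
        print("no usable answer from 127.0.0.1:5053:", exc)
```

The AD flag only reports that the upstream resolver validated DNSSEC for the answer; it says nothing about whether the hop between the client and the resolver was encrypted.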
