Using DNSSEC and DoH with Pihole and Cloudflared

I’ve configured Pihole to run DoH.
My config.yml is:
proxy-dns: true
proxy-dns-port: 5053

And my DNS is set to
When I use the 1111/help test page I get YES for using DoH.
However, when I enable DNSSEC in Pihole and run the same test, the results I’m getting are NO to everything.

Why is that?
Is this a false positive, or does DNSSEC disable DoH?


Hi @just.gil,

The Cloudflare resolver uses several synthesis records to check various client information, which means these records are not signed. We’ve turned off DNSSEC for the corresponding zone, but somehow pihole (which uses dnsmasq internally) still thinks the answer is bogus (which it shouldn’t be).

BTW, the Cloudflare resolver is a DNSSEC-validating resolver; you don’t have to do it locally in pihole.
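
To tell a local "bogus" verdict like the one described above apart from an upstream failure, compare the same query sent to Pi-hole with and without the CD (checking disabled) bit. This is an added example, not part of the thread or of any project's code; the dig headers are constructed samples, and it assumes the local validator answers SERVFAIL for data it considers bogus and skips validation when CD is set.

```python
import re

# Constructed dig response headers (not captured from a real resolver).
# Real ones come from:  dig @<pihole-ip> <name>   and   dig +cdflag @<pihole-ip> <name>
NORMAL = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
"""
WITH_CD = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4712
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
"""
SIGNED_OK = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4713
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
"""
UNSIGNED_OK = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4714
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
"""


def parse_header(text):
    """Return (status, set_of_flags) from the header lines of dig output."""
    status = re.search(r"status:\s*([A-Z]+)", text)
    flags = re.search(r"^;; flags:([^;]*);", text, re.M)
    if not status or not flags:
        raise ValueError("not a dig response header")
    return status.group(1), set(flags.group(1).split())


def classify(normal, with_cd):
    """Compare a normal query with the same query sent with the CD bit set."""
    n_status, n_flags = parse_header(normal)
    c_status, _ = parse_header(with_cd)
    if n_status == "SERVFAIL" and c_status == "NOERROR":
        # Data exists upstream; only the local validation step rejects it.
        return "bogus-at-local-validator"
    if n_status == "SERVFAIL":
        return "upstream-failure"
    if n_status == "NOERROR" and "ad" in n_flags:
        return "validated"
    if n_status == "NOERROR":
        return "unvalidated"
    return "other:" + n_status


if __name__ == "__main__":
    print(classify(NORMAL, WITH_CD))
```
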