DNSSec question

[richardeid]

I will say again Quad9 is filtered it is promoted as such. That is all I was saying. DNSSEC and Rebind Protection should work fine with Quad9....

No, I understood I just think I worded my response poorly. I'm not saying Quad9 isn't causing a problem but that the filtering Quad9 does doesn't seem like it would be causing my issue. If it were the issue wouldn't I have seen issues before enabling these settings? I think it would be a huge coincidence.

Regardless I do appreciate any suggestion. When it comes to things I'm diving in to I usually make a mess out of it at first and rely on everyone here to help me sort it out. So thank you for the help.

 

[Treadler]

Could you elaborate a little on "most dnssec compliant"? I'm pretty new to the DNSSEC stuff and this is what I see when I run the rootcanary test:
View attachment 13931

I'm on 9.9.9.9 as my only listed DNS server for the time being. Running the GRC test gives me a few different PCH servers with 74.63.17.* but provides for all Excellent results. Some of the other tests listed appear to give me good results but I'm still having some issues with pages not loading or not loading on the first try. All I should need to do is enable DNSSEC and DNS rebind protection on the LAN>DHCP Server tab, right?

In my testing, Quad9 had fewer ‘red crosses’ than either Google, & particularly Cloudflare.
The technical detail of this is above my pay grade, but the real world results of this for me mean no hassles with Quad9, but troubles with the other two resolvers.

My 10 cents worth; enabling dnssec & rebind protection with Quad9 shouldn’t make any difference to site resolution. It certainly didn’t for me.
Maybe after enabling, try rebooting your router & clients?

 

[richardeid]

I tried restarting everything once the problems started. I'm not a 100% novice, lol. Then I did an ipconfig /reset on a couple machines figuring maybe it needed to refresh for no reason in particular...didn't work. On one test machine I even reset the IP stack (netsh int ip reset) knowing that probably wouldn't do it...didn't.

Last night I was going back through my config and I noticed I had my secondary DNS server set up for OpenDNS. I can't even remember doing that. Just for troubleshooting purposes I removed that and left only Quad9 as my primary. Before I headed out the door this morning I noticed that I was having no problems with page loading, though I don't think I did at first anyway so I'm not 100% sure the issued is gone. I'm not sure how the problem could have been OpenDNS as the secondary that was causing page load issues, but if that can be explained I'd be satisfied. Once I noticed that set as my secondary I checked to see if OpenDNS supported DNSSEC and it doesn't...only DNSCrypt. But still, being the secondary resolver...well maybe my paygrade is pretty low, too.

I'll be home in a couple hours and have more time to play around so I'll update when I know more. Thanks again!

 

[Theliel]

I've spent time using both, DoH and DNSSec with Google, and except for one domain in particular, and because of DoH alone, everything has always worked fine. It is true that some DNS servers do not work fine sometimes, but for me at least, with Google, Zero issues (well, only one issue with one domain).