Using dnssec with DNS over TLS?

Red Dragon

New Around Here
I've setup "DNS over TLS" with Quad9 on my AX58 router. Should I also enable dnssec? Also should I change the "DNS over TLS" Profile to Strict?
 

EmeraldDeer

Very Senior Member
Yes, set it to Strict.

No, do not enable DNSSEC at the router level. You want Quad 9 to incur the overhead of DNSSEC between them and the DNS servers. The results can come back through a bit set in a non-DNSSEC response. Validate that this is working by visiting DNSSEC test site http://dnssec.vs.uni-due.de/
 

bbunge

Part of the Furniture
Your call to enable DNSSEC. The way it is set up in the Merlin firmware uses dnamasq to validate the source. Stubby could also be used but has no GUI setup to do that. DNSSEC is an added security measure.
And the validation sites for DNSSEC may not give true results.
Quad9 is good for DoT and DNSSEC.
 

Treadler

Very Senior Member
Your call to enable DNSSEC. The way it is set up in the Merlin firmware uses dnamasq to validate the source. Stubby could also be used but has no GUI setup to do that. DNSSEC is an added security measure.
And the validation sites for DNSSEC may not give true results.
Quad9 is good for DoT and DNSSEC.
+1, Quad9 is good for DoT and DNSSEC. working well here.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top