Hi,
since the update to the most recent version 23.05.3 (so the assumption) my customized configuration with paid Adguard DNS no longer works. But this exact configuration had worked for months before without any problems. The whole thing must have something to do with DNSSEC. As soon as I deactivate this in Unbound, everything works.
I am currently using the free version of Adguard DNS which works without any problems.
Since I am a paying customer, I have now contacted Adguard support. Unfortunately, they have not responded yet. I am a little disappointed with how paying customers are treated here.
Add root key 38696 from 2024 for DNSSEC validation. It is added
to the default root keys in unbound-anchor. The content can be
inspected with unbound-anchor -l.
This also fits roughly with the beginning of the problems.
Now I wonder who has to do what here ?
Meanwhile i tried DoT with Stubby+DNSMasq but exact same issue. As soon as I activate DNSSEC within DNSMasq problem occurs.
The stuff from ADGuard support said no problems on their side.
Then I assume that the problem has to do with OpenWRT and is not necessarily an Unbound or DNSMASQ problem. What are the similarities here?