Everything worked until the update. After the update, I reinstalled all packages and then imported my backup with all configuration files. So far, so good.
When I now run the dig command to check DNSSEC Validation, the 'ad' flag is missing. The ad flag signals that dnsmasq considers the DNS server's response to be authentic or that validation via DNSSEC is working.
Here is the output:
Mhh, interesting. I have just checked https://dnssec.vs.uni-due.de/ and the result is 'Yes, your DNS resolver validates DNSSEC signatures.'
So is this flag really necessary?
I am not using either Google or Cloudflare. I am using the DNS of digitalcourage and dismail. Both are no-logging and support DNS over TLS and DNSSEC.
On the link you sent, it says: Check your DNS provider. Make sure there is no DNS leak: https://dnsleaktest.com/
What does it mean in this case that both of my configured DNS servers are listed there? (Picture in the initial question)
I believe it is necessary if you want to perform DNSSEC validation yourself.
E.g. when you don't trust the DoT provider, or they don't validate DNSSEC.
Thank you for explaining. I will try to reset my whole configuration to Google / Cloudflare on the weekend and keep this post updated if the problem still exists.
So now I have reset my router, only set up PPPoE and also installed stubby. The DNSSEC validation was now correct and the 'ad' flag was shown. So I think there is something wrong, caused when I re-import my saved settings.
My current steps when updating or resetting the router:
Import my basic configuration for PPPOE
Install all necessary packages
Import my full backup configuration
Maybe that is not the normal way to do it. But after updating, I do not want to make all my interface and firewall settings again.
Do you have any better suggestions? Or can I remove the dnsmasq and stubby configurations from the backup file?
Thank you. I will try it when the next update is released.
What would be the best way to undo my current dnsmasq and stubby settings? Because when I do all the steps on the wiki again, DNS is no longer working and I need to re-import my settings again, and the flag is still missing.
Unfortunately, after running those commands and setting everything up anew, there are no changes: DNS is not working, and after a reboot I am no longer able to connect to the router.
I think I will reset the router again tomorrow and delete any dnsmasq & stubby configuration from the backup file to import only my interfaces, wireless, firewall and adblock and make the DNS over TLS setting from scratch, as this was working this morning.
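An added example, not part of the original thread: the situation discussed above (no 'ad' flag in dig, while a test page still reports validation) can be told apart by comparing the dig header for a correctly signed name with the header for a name whose signatures are deliberately broken. The sample headers are constructed, and the function names and result strings are hypothetical.

```python
import re

# Constructed dig headers for illustration (not captured from the thread).
SIGNED_WITH_AD = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4211
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1"""
SIGNED_NO_AD = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4212
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1"""
BOGUS_SERVFAIL = """;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4213
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1"""
BOGUS_ANSWERED = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4214
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1"""

STATUS_RE = re.compile(r"status:\s*([A-Z]+)")
FLAGS_RE = re.compile(r"^;; flags:([^;]*);", re.MULTILINE)


def parse_dig_header(output):
    """Return (status, set_of_flags) from the header lines of dig output."""
    status = STATUS_RE.search(output)
    flags = FLAGS_RE.search(output)
    if not status or not flags:
        raise ValueError("no dig header found in output")
    return status.group(1), set(flags.group(1).split())


def classify(signed_output, bogus_output):
    """Compare a signed-name lookup with a broken-signature lookup."""
    signed_status, signed_flags = parse_dig_header(signed_output)
    bogus_status, _ = parse_dig_header(bogus_output)
    if signed_status != "NOERROR":
        return "resolution-broken"
    if bogus_status == "NOERROR":
        # Broken signatures were accepted: nothing on the path validates.
        return "not-validating"
    if "ad" in signed_flags:
        # The resolver you asked vouches for the answer itself.
        return "validating-ad-set"
    # Bogus data is rejected somewhere on the path, but the resolver
    # answering you does not assert authenticity to its clients.
    return "validating-upstream-ad-missing"


if __name__ == "__main__":
    print(classify(SIGNED_NO_AD, BOGUS_SERVFAIL))
```

A SERVFAIL for the broken name can also have unrelated causes, so repeat the lookup before drawing a conclusion.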