Hi! Thanks for your prompt answer. Well, the original post is here: https://www.snbforums.com/threads/preview-asuswrt-merlin-384-11-with-dns -over-tls.56095/page-26#post-484685
It's about the Cloudflare security-test website https://www.cloudflare.com/ssl/encrypted-sni/ that reports "You may not be using secure DNS" for some users although those users expect another result. And the original poster brought up that statement about unbound missing a strict DNSSEC mode ... what then confused me because it sounded like there is something wrong with unbound what I liked to be clarified. :hehe: I use unbound on my Raspberry Pi, with DoT upstream servers (port 853 and tls authentication). In the end they agreed upon the Cloudfare test site being buggy (compare https://www.snbforums.com/threads/preview-asuswrt-merlin-384-11-with-dns -over-tls.56095/page-30#post-485000). However, that statement about unbound allegedly missing something like a strict dnssec mode (that dnsmasq and stubby are claimed to have) has been haunting my mind, but maybe I mix things up ... I'm a DNS newbie. Best regards
