Turn off DNSSEC validation and ECS support for compatibility.
This feature disables DNSSEC, as well as EDNS Client Subnet (ECS) DNS extensions. This is useful if you find that some websites don't resolve, usually due to misconfiguration on the part of the owner of the domain. The issue would present itself as follows:
To solve this issue, toggle the Disable DNSSEC option to ON.
Is this safe?
Yes, if you use Secure DNS protocols like DNS-over-HTTPS or DNS-over-TLS, DNSSEC provides virtually no value. Your DNS requests cannot be intercepted or spoofed by anyone. Also, since Control D is a manipulating DNS resolver (based on your rules) this is conflicting with the whole concept of DNSSEC.
TLDR: Disable DNSSEC and be happy.
Updated 5 days ago