This feature disables DNSSEC, as well as EDNS Client Subnet (ECS) DNS extensions. This is useful if you find that some websites don't resolve, usually due to misconfiguration on the part of the owner of the domain. The issue would present itself as follows:
To solve this issue, Edit your Profile, go to Profile Options and toggle the Disable DNSSEC Profile Option to ON.
Yes, if you use Secure DNS protocols like DNS-over-HTTPS or DNS-over-TLS, DNSSEC provides virtually no value. Your DNS requests cannot be intercepted or spoofed by anyone. Also, since Control D is a manipulating DNS resolver (based on your rules) this is conflicting with the whole concept of DNSSEC.
TLDR: Disable DNSSEC and be happy.
Updated 4 months ago