Disable DNSSEC

Turn off DNSSEC validation and ECS support for compatibility.

Suggest Edits

This feature disables DNSSEC, as well as EDNS Client Subnet (ECS) DNS extensions. This is useful if you find that some websites don't resolve, usually due to misconfiguration on the part of the owner of the domain. The issue would present itself as follows:

To solve this issue, Edit your Profile, go to Profile Options and toggle the Disable DNSSEC Profile Option to ON.

Is this safe?

Yes, if you use Secure DNS protocols like DNS-over-HTTPS or DNS-over-TLS, DNSSEC provides virtually no value. Your DNS requests cannot be intercepted or spoofed by anyone. Also, since Control D is a manipulating DNS resolver (based on your rules) this is conflicting with the whole concept of DNSSEC.

TLDR: Disable DNSSEC and be happy.

Updated 6 months ago