From 1e690821d239b0b8b9d8988a520be7a5fdb26f52 Mon Sep 17 00:00:00 2001
From: Pierre-Louis Bonicoli
Date: Thu, 25 Feb 2021 16:55:15 +0100
Subject: [PATCH] LibreDNS doesn't support DNSSEC

Tested with the following commands:

$ kdig @116.202.176.26 +tls-host=dot.libredns.gr +dnssec sigfail.verteiltesysteme.net
;; TLS session (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 8416
;; Flags: qr rd ra; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: do; UDP size: 512 B; ext-rcode: NOERROR

;; QUESTION SECTION:
;; sigfail.verteiltesysteme.net. IN A

;; ANSWER SECTION:
sigfail.verteiltesysteme.net. 42 IN A 134.91.78.139
sigfail.verteiltesysteme.net. 42 IN RRSIG A 5 3 60 20210502030010 20210131030010 30665 verteiltesysteme.net. //This+RRSIG+is+deliberately+broken///For+more+information+please+go+to/http+//www+verteiltesysteme+net///////////////////////////////////////////////////////////////////8=

The status is NOERROR and the AD flag is missing but the expected status is SERVFAIL.
---
 _includes/sections/dns.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html index 7a9180b2..70ebf02a 100644 --- a/_includes/sections/dns.html +++ b/_includes/sections/dns.html @@ -264,7 +264,7 @@ We also log how many times this or that tracker has been blocked. We need this i No DoH, DoT - Yes + No Yes
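Review bot: The single changed line in the `@@ -264,7 +264,7 @@` hunk (`- Yes` / `+ No`) sits between a "DoH, DoT" cell and another "Yes" cell, and nothing in the visible context names the provider or the column, so please confirm that it is the DNSSEC cell of the LibreDNS row and not the neighbouring "Yes". The test in the commit message covers only the DoT endpoint at 116.202.176.26 while the row lists both DoH and DoT; a matching DoH query for sigfail.verteiltesysteme.net would show that the "No" holds for both protocols. Since the result reflects the resolver's behaviour on the day of the test, a short note of the test date next to the table entry, or in the commit body, would help whoever re-checks it later.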