Note that enabling these two options may increase your privacy
slightly, but may also prevent you from being able to access
local hostnames if the Pi-hole is not used as DHCP server
Validate DNS replies and cache DNSSEC data. When forwarding DNS
queries, Pi-hole requests the DNSSEC records needed to validate
the replies. If a domain fails validation or the upstream does not
support DNSSEC, this setting can cause issues resolving domains.
Use Google, Cloudflare, DNS.WATCH, Quad9, or another DNS
server which supports DNSSEC when activating DNSSEC. Note that
the size of your log might increase significantly
when enabling DNSSEC. A DNSSEC resolver test can be found
here.
If not configured as your DHCP server, Pi-hole won't be able to
determine the names of devices on your local network. As a
result, tables such as Top Clients will only show IP addresses.
One solution for this is to configure Pi-hole to forward these
requests to your DHCP server (most likely your router), but only for devices on your
home network. To configure this we will need to know the IP
address of your DHCP server and the name of your local network.
Note: The local domain name must match the domain name specified
in your DHCP server, likely found within the DHCP settings.