DNSSEC-free resolvers only

[sergeevabc]

Tonight a lot of Russian users faced the inability to open .ru websites.

It was covered by the Ministry of Digital Development and local media, I myself faced it. The issue turned out to be related to the "global DNSSEC infrastructure". What exactly this means remains unclear. Perhaps this is someone's mistake, perhaps malicious sabotage due to the ongoing cold war, but this is definitely not a power outage.

A workaround during these hours, which helped some of us, was to switch to the ISP's DNS resolver without DNSSEC. Now, how do I do the same with DNSCrypt if its option require_dnssec = false returns both kind of resolvers (with and without DNSSEC)?

[lifenjoiner]

how do I do the same with DNSCrypt if its option require_dnssec = false returns both kind of resolvers (with and without DNSSEC)?

Like DoHTTPS, DNSSEC, DNSCrypt is also an encryption protocol.

DNSCrypt/HTTPS {
    DNSSEC {
        Plain DNS {}
    }
}

So, DNSSEC is an inner layer here. I don't think requiring DNSSEC or not could be known from the outside.
DNSSEC takes effect during the upstream server communicates with its upstream servers, when this layer becomes the outer layer.

[sergeevabc]

I found a tool to diagnose the features of DNS resolvers:
https://cmdns.dev.dns-oarc.net/

After diagnosing a few resolvers, I found that DNSSEC is not supported
at least by libredns and yandex. I will update if it happens again.