Knowledge Base
AVM Content
Local DNSSEC cannot be used via the FRITZ!Box
Since updating FRITZ!OS, DNS requests are no longer resolved via the FRITZ!Box if the devices use a DNSSEC validation (i.e. an authenticity validation of DNS entries for a domain).
The problem affects both their own local DNS servers in the home network (for example Pi-hole, Bind9), which are announced via the FRITZ!Box DHCP server, and connector in doctors' offices and pharmacies (for example Gematik, secunet).
Local DNSSEC is not supported
Due to an error in FRITZ!OS 7.56/57, DNSSEC validation cannot be used for DNS requests via the FRITZ!Box. We will correct this error in a future FRITZ!OS update.
If you are leasing your FRITZ!Box from your cable provider, your cable provider will make the FRITZ!OS update available, and not AVM. It will be installed automatically. In this case, refer to your cable provider for possible release dates for the update.
Note:You can have push service mails notify you when new updates are available. In addition, you can configure the FRITZ!Box so that new updates are installed automatically. You can enable these options under "System > Push Service" or "System > Update > Auto Update" in the user interface.
Workaround
- Enter the DNS servers of your internet service provider or a different public DNS server (for example from Cloudflare 217.0.43.146 und 217.0.43.162) in your local DNS server or the connector. If you are running a local DNS server, you can also deactivate DNSSEC in the DNS server instead.
Important:Changes to connectors in doctors' offices or pharmacies should only be made after consulting the service provider on the premises.
Deutschland
International (English)
Österreich
Nederland
España
Italia
Polska
België (Nederlands)
Luxemburg (Deutsch)
Schweiz (Deutsch)