NetBSD-Users archive


Re: Securing DNS traffic

On Sun, 24 May 2020 20:55:29 +0200
Jörn Clausen <> wrote:

> I simply don't get how this is a use case for DoT or DoH. Even if you
> disguise the DNS lookup, the next packet you send will be directed to
> the address you just looked up. Unless this happens to be a virtual
> hosting service, it is quite clear to your ISP what you are doing. I
> recommend this talk by Paul Vixie

There is always potential for surveillance. You may think you're safe
on a VPN, but if you didn't set up the endpoints yourself, on your own
hardware, how can you trust some VPN provider 100%? You can't.

I think the value of DoT is to stop DNS traffic hijacking and
redirection. Even if you configure /etc/resolv.conf to point to some
trusted DNS server, your ISP (or anyone else) can surreptitiously
redirect it to their own DNS server for various purposes (tracking,
filtering, serving ads, etc). Yes, there are other ways to track people,
but the less info you leak in plain text the better.
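As an added illustration of the redirection point above (this is not part of the thread and not NetBSD's or anyone's shipped code), a minimal DNS-over-TLS lookup using only the Python standard library: the resolver's certificate is validated against its hostname, so a transparent redirect of port 853 traffic to some other server fails the TLS handshake instead of quietly returning a forged answer. The resolver address and name in the usage note are assumptions; the query builder and answer parser are deliberately minimal (A records only, no EDNS).

```python
import socket
import ssl
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Encode a DNS query for name (qtype 1 = A), RD bit set, no EDNS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def _skip_name(msg, off):   # advance past a (possibly compressed) domain name
    while True:
        ln = msg[off]
        if ln == 0:
            return off + 1
        if ln & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        off += ln + 1

def parse_a_records(msg, txid=0x1234):
    """Return the IPv4 addresses in the answer section of a DNS response."""
    rid, flags, qd, an, _, _ = struct.unpack_from("!HHHHHH", msg, 0)
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0xF))
    off = 12
    for _ in range(qd):          # skip the echoed question section
        off = _skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def resolve_dot(name, server_ip, server_name, port=853):
    """Query over TLS (RFC 7858). The certificate must chain to a trusted CA and
    match server_name, so a redirected connection fails the handshake."""
    ctx = ssl.create_default_context()   # CA chain and hostname checks on
    with socket.create_connection((server_ip, port), timeout=5) as raw, \
         ctx.wrap_socket(raw, server_hostname=server_name) as tls:
        f = tls.makefile("rb")
        query = build_query(name)
        tls.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
        (rlen,) = struct.unpack("!H", f.read(2))
        return parse_a_records(f.read(rlen))
```

A call such as `resolve_dot("example.org", "9.9.9.9", "dns.quad9.net")` (assumed resolver) returns the A records, while pointing the same call at a host whose certificate does not match `dns.quad9.net` raises an `ssl.SSLCertVerificationError` before any DNS data is exchanged.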
