• davelA
      link
      fedilink
      English
      arrow-up
      4
      ·
      10 months ago

      That’s a good point. Almost everyone uses their ISP’s DNS.

    • rokzoi@lemmy.world
      link
      fedilink
      arrow-up
      3
      ·
      10 months ago

      Correct me if i am wrong but DNSSEC has nothing to do with encryption of your request. It is used to verify that the record you received is from the correct authority. Furthermore your DNS requests have to go through your ISP even if you don’t use their DNS server as it is your only connection to the Internet.

      The only thing you could do is encrypt the traffic somehow (dns over https exists), but then you have to trust that provider instead, and your ISP can still see the IP addresses you try to reach after you know them and might be able to still do a domain lookup using DNS if it is also configured to return the domain when looking up the IP. If they would put in the effort of course.