Cloudflare DNS has DoH, but it’s Cloudflare so… ew. Is there one that is more privacy respecting and also has DNS over HTTPS?

  • southerntofu
    link
    fedilink
    arrow-up
    1
    ·
    4 years ago

    Yes that’s how DNS resolution works. Any DNS resolver can either query another resolver (most commercial internet routers will query your ISP’s resolver), or resolve the domain name themselves by querying DNS servers from right to left in the domain name.

    For example, querying lemmy.ml involves:

    • querying ICANN root servers for ml DNS servers
    • querying ml DNS servers for lemmy
    • querying lemmy DNS servers for an IP address to connect to

    Recursive resolution is a feature of the DNS system which ensures distribution of power among actors, so a single bad actors, even when very high in the hierarchy, can’t have too much negative impact further down the chain. For example, if root servers are compromised, they couldn’t stop lemmy.ml from resolving: they could stop the whole of ml from resolving (because ml is part of the zone they have authority for) but nothing more. This aspect of DNS limits temptation of censorship.