Cloudflare DNS has DoH, but it’s Cloudflare so… ew. Is there one that is more privacy respecting and also has DNS over HTTPS?
Yes that’s how DNS resolution works. Any DNS resolver can either query another resolver (most commercial internet routers will query your ISP’s resolver), or resolve the domain name themselves by querying DNS servers from right to left in the domain name.

For example, querying lemmy.ml involves asking:

- the root servers for the `ml` DNS servers
- the `ml` DNS servers for `lemmy`
- the `lemmy` DNS servers for an IP address to connect to

Recursive resolution is a feature of the DNS system which ensures distribution of power among actors, so a single bad actor, even when very high in the hierarchy, can’t have too much negative impact further down the chain. For example, if root servers are compromised, they couldn’t stop `lemmy.ml` from resolving: they could stop the whole of `ml` from resolving (because `ml` is part of the zone they have authority for) but nothing more. This aspect of DNS limits the temptation of censorship.

Wouldn’t it still be plaintext though? Someone upstream the network (namely your ISP) datamining your network traffic would still be able to tell which domains you’re requesting, right?
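A toy model of the right-to-left walk described in the recursive-resolution post above, added here as an example and not code from the thread. The hierarchy, server names (`root`, `ns.ml`, `ns.lemmy`, ...) and TEST-NET addresses are constructed; a real resolver sends these queries over the network instead of looking them up in a dict.

```python
from dataclasses import dataclass, field

@dataclass
class Server:
    """Constructed stand-in for one authoritative nameserver."""
    name: str
    delegations: dict = field(default_factory=dict)  # zone -> child nameserver
    addresses: dict = field(default_factory=dict)    # owner name -> IPv4

# Constructed hierarchy: root -> TLD servers -> zone servers (TEST-NET addresses).
SERVERS = {
    "ns.ml": Server("ns.ml", delegations={"lemmy.ml": "ns.lemmy"}),
    "ns.org": Server("ns.org", delegations={"example.org": "ns.example"}),
    "ns.lemmy": Server("ns.lemmy", addresses={"lemmy.ml": "192.0.2.10"}),
    "ns.example": Server("ns.example", addresses={"example.org": "192.0.2.20"}),
}
ROOT = Server("root", delegations={"ml": "ns.ml", "org": "ns.org"})

def resolve(name, root, servers, max_hops=10):
    """Iterative resolution: follow referrals from the root, right to left.

    Returns (address or None, list of servers asked in order).
    """
    labels = name.rstrip(".").split(".")
    asked, current = [], root
    for _ in range(max_hops):                      # guard against referral loops
        asked.append(current.name)
        if name in current.addresses:              # authoritative answer
            return current.addresses[name], asked
        # Follow the most specific referral this server holds for the name.
        for i in range(len(labels)):
            zone = ".".join(labels[i:])
            if zone in current.delegations:
                current = servers[current.delegations[zone]]
                break
        else:
            return None, asked                     # neither answer nor referral
    return None, asked

def root_without_tld(root, tld):
    """The post's scenario: a root that no longer delegates one TLD."""
    kept = {z: ns for z, ns in root.delegations.items() if z != tld}
    return Server(root.name, delegations=kept)

if __name__ == "__main__":
    print(resolve("lemmy.ml", ROOT, SERVERS))
    bad_root = root_without_tld(ROOT, "ml")
    print(resolve("lemmy.ml", bad_root, SERVERS))     # fails at the root
    print(resolve("example.org", bad_root, SERVERS))  # unaffected
```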
Short answer, yes. But Authoritative DNS over TLS (ADoT) is being standardized for encrypting resolver-to-authority queries.
Does Unbound support this already?