> Isn't that what [axfrdns](https://cr.yp.to/djbdns/axfrdns.html) from
> djbdns is made for?

It's the "S" in "HTTPS". The whole point of the exercise is to have
end-to-end encryption and server authentication between you and the
DNS server. Otherwise it's dumb; it just adds overhead. If you trust
the path between yourself and your DNS server (e.g. because it's on
your home router), just use plain old DNS-over-UDP.


