On 2017-06-19, Rui Ribeiro <ruyrybe...@gmail.com> wrote:
> Depending on how "evil" the ISP is, or how you want to obfuscate your
> metadata, you might want to have a look at dnscrypt
> https://blog.ipredator.se/openbsd-dnscrypt-howto.html

Yes, that's an option, though it does just move your trust from the ISP
to the dnscrypt server operator.

Checking dnssec (which you can do on a local recursive resolver, even
if it's forwarding through an isp or dnscrypt server) at least helps for
domains which sign their zones.

Reply via email to