On Sun, 24 May 2020 20:55:29 +0200 Jörn Clausen <[email protected]> wrote:
> I simply don't get how this is a use case for DoT or DoH. Even if you
> disguise the DNS lookup, the next packet you send will be directed to
> the address you just looked up. Unless this happens to be a virtual
> hosting service, it is quite clear to your ISP what you are doing. I
> recommend this talk by Paul Vixie

There is always potential for surveillance. You may think you're safe on a VPN, but if you didn't set up the endpoints yourself, on your own hardware, how can you trust some VPN provider 100%? You can't.

I think the value of DoT is to stop DNS traffic hijacking and redirection. Even if you configure /etc/resolv.conf to point to some trusted DNS server, your ISP (or anyone else) can surreptitiously redirect it to their own DNS server for various purposes (tracking, filtering, serving ads, etc.). Yes, there are other ways to track people, but the less info you leak in plain text, the better.
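
The redirection described in the reply above is detectable: ask the same resolver the same question over plaintext UDP/53 and over DNS-over-TLS (RFC 7858, TCP/853, with certificate and hostname verification) and compare the answers. An interceptor can silently answer the port-53 query, but it cannot present a valid certificate for the resolver's TLS name. The following script is an added example written for this post; it is not code from the thread or from any DNS project. The resolver address 1.1.1.1 with TLS name cloudflare-dns.com is an assumed default (replace with your own resolver), and the two sample replies embedded in it are constructed for offline testing, not captured traffic.

```python
"""Compare A records from a resolver over UDP/53 versus DNS-over-TLS (TCP/853).
Added example; not from the original post. Assumed default resolver: 1.1.1.1
with TLS name cloudflare-dns.com (override via argv)."""
import secrets
import socket
import ssl
import struct
import sys
from typing import Set, Tuple

TYPE_A, CLASS_IN = 1, 1


def build_query(name: str, txid: int, qtype: int = TYPE_A) -> bytes:
    """Minimal wire-format query: header with RD set, one question, no EDNS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, CLASS_IN)


def _read_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, jumped = [], off, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if not jumped:
                end = off + 2
            jumped = True
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels), end
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_a_records(msg: bytes, expected_txid: int) -> Set[str]:
    """Return the set of IPv4 addresses in the answer section of a reply."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (spoofed or stale reply?)")
    if flags & 0x000F:
        raise ValueError("resolver returned RCODE %d" % (flags & 0xF))
    off = 12
    for _ in range(qd):                                # skip echoed question
        _, off = _read_name(msg, off)
        off += 4
    addrs = set()
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_A and rclass == CLASS_IN and rdlen == 4:
            addrs.add(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs


def query_udp(resolver: str, name: str, timeout: float = 3.0) -> Set[str]:
    """Classic plaintext lookup: anything on the path can answer this."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (resolver, 53))
        data, _ = s.recvfrom(4096)
    return parse_a_records(data, txid)


def _recv_exact(sock: ssl.SSLSocket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the TLS stream early")
        buf += chunk
    return buf


def query_dot(resolver: str, tls_name: str, name: str, timeout: float = 3.0) -> Set[str]:
    """DoT lookup; create_default_context() verifies the chain and tls_name,
    so an interceptor on the path fails the handshake instead of answering."""
    txid = secrets.randbits(16)
    q = build_query(name, txid)
    ctx = ssl.create_default_context()
    with socket.create_connection((resolver, 853), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=tls_name) as tls:
            tls.sendall(struct.pack("!H", len(q)) + q)   # RFC 7858 length prefix
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            data = _recv_exact(tls, length)
    return parse_a_records(data, txid)


def verdict(plain: Set[str], over_tls: Set[str]) -> str:
    """'disjoint' is the redirection signal; 'partial' may be CDN round-robin."""
    if plain == over_tls:
        return "consistent"
    if plain.isdisjoint(over_tls):
        return "disjoint"
    return "partial"


# Constructed sample replies (not captured traffic) for offline testing: both
# answer "example.com. IN A" with txid 0x1234, TTL 3600; the second is what a
# transparent redirector handing out its own address might return (TEST-NET IPs).
_HDR = b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
_Q = b"\x07example\x03com\x00\x00\x01\x00\x01"


def _reply(ip: str) -> bytes:
    return _HDR + _Q + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04" + socket.inet_aton(ip)


SAMPLE_REPLY = _reply("192.0.2.1")
REDIRECTED_REPLY = _reply("198.51.100.7")

if __name__ == "__main__":
    resolver = sys.argv[1] if len(sys.argv) > 1 else "1.1.1.1"          # assumed
    tls_name = sys.argv[2] if len(sys.argv) > 2 else "cloudflare-dns.com"
    name = sys.argv[3] if len(sys.argv) > 3 else "example.com"
    plain, secure = query_udp(resolver, name), query_dot(resolver, tls_name, name)
    print("udp/53 :", sorted(plain))
    print("tls/853:", sorted(secure))
    print("verdict:", verdict(plain, secure))
```

Two caveats when reading the output. A TLS handshake failure on 853 (certificate name mismatch, or the port simply blocked) while 53 answers fine is itself the signal you are looking for, because a redirector cannot satisfy the hostname check. And "partial" or even "disjoint" can be legitimate for names served by geo-distributed CDNs, so pick a name whose address set is stable, or repeat the comparison a few times, before concluding that port 53 is being redirected.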
