On 03/07/2020 09:46, Marc SCHAEFER wrote:
> On Fri, Jul 03, 2020 at 01:20:09AM +0100, tincanteksup wrote:
>> DNSSec would put an end to this sort of snooping .. lol
>
> As Gert said, no, it won't.
>
> What you may want is DNS over HTTPS or over TLS. However, in that case, it's
> the DNS provider that can snoop on you, but no longer your ISP. If your ISP
> does not spy on you, the mixing with all of its customers and the caching it
> offers are valuable.
>
> Google and Cloudflare offer DNS over HTTPS, bypassing your local DNS,
> the latter seems to spy less on its users.
>
> https://en.wikipedia.org/wiki/DNS_over_HTTPS

For a more in-depth walk-through about the issues around DNS over HTTPS (DoH), please see this:
<https://www.youtube.com/watch?v=ZxTdEEuyxHU>

Paul Vixie is one of the biggest names in the DNS scope, and this guy knows what DNS is all about.

DoH is really not a good solution for very many use cases. And it is a move in the opposite direction of the benefit of a proper DNS protocol, decentralizing requests. And DoH needs to implement additional complexity on the server side if you want to consider region-based DNS lookups (like using a local CDN) ... and this is not even touching the privacy/tracking issues in DoH.

What is often ignored by many of the DoH promoters: DNS over TLS (DoT) exists and provides the same level of features as unencrypted DNS lookups - without all the issues DoH adds. The biggest challenge of DoT is that many DNS servers have not been upgraded to a reasonable solution with this support, and many who have done that have not configured DoT yet.

--
kind regards,

David Sommerseth