HI There
FWIW, please allow me to share a pointer to the Open Source MacOSX/Windows tool
DOX [1] that allows to to send queries via Classic DNS, DoT and DoH.
To check for encrypted DNS in form of DNS-over-TLS from a command line, you
might want to use kdig from the knot-dnsutils package [2],
Hi Dominik,
If an operator you trust offers DoT with DNSSEC validated name and pinned
certificate - would you trust this more than if all happens in the clear?
At least it allows me to make sure that there are just two places where my DNS
in in the clear - on the HG and on the DNS service
Hi Geert, Dominik,
FAIW - i was curious to see if RFC 8415 of November 2018, the update of the now
officially obsoleted RFC 3315, uses some other wording, but it also just speaks
about 4 octets that jointly are an unsigned integer
https://tools.ietf.org/html/rfc8415#section-21.21
