Y
Hacker News
new
|
ask
|
show
|
jobs
by
duxet
3291 days ago
DNSSEC - your isp will still have ip adresses, but won't know exact domain names
1 comments
dannypgh
3291 days ago
That's not what DNSSEC is. DNSSEC is about signing the data in DNS, not encrypting it in transit. The same metadata analysis is possible.
link
icebraining
3291 days ago
Also, if they can see your DNS, chances are they can see the TLS handshake, so SNI would leak the domain anyway. But a VPN should encrypt both.
link
duxet
3291 days ago
Sorry, that's right, i was talking about DNSCrypt of course.
link