Y
Hacker News
new
|
ask
|
show
|
jobs
by
dannypgh
3291 days ago
That's not what DNSSEC is. DNSSEC is about signing the data in DNS, not encrypting it in transit. The same metadata analysis is possible.
2 comments
icebraining
3291 days ago
Also, if they can see your DNS, chances are they can see the TLS handshake, so SNI would leak the domain anyway. But a VPN should encrypt both.
link
duxet
3291 days ago
Sorry, that's right, i was talking about DNSCrypt of course.
link