by blattimwind 2897 days ago
> So the recursive resolver (your ISP, google, cloudflare)

Why not yourself? Your ISP can still see the RR working, of course.

> We also need encrypted DNS for the recursive lookup itself so you can run your own resolver somewhere.

This would indeed be optimal but would require upgrading a significant portion of authoritative name servers, sooo... might take a while.

1 comment

> Why not yourself?

Well, then what attacker do you defend against if your laptop asks your router via DoT but then the router does an unencrypted recursive lookup anyway?

Who said laptop? You can have a DNS resolver on a server somewhere you own; that way it can remain encrypted on your ISP's network.
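To make the threat-model argument of this thread checkable, here is an added illustration (not code from either commenter) that models the three deployments discussed as chains of hops and computes which on-path observer learns the query name in plaintext. The hop lists and observer names ("home-isp", "server-isp", "lan") are constructed assumptions, not measurements.

```python
"""Which observers see a DNS query in plaintext for each deployment
debated above. Added illustration; hops and names are constructed."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Hop:
    src: str          # party sending the query on this link
    dst: str          # party receiving it (always decrypts it)
    network: str      # observer able to watch this link
    encrypted: bool   # DoT/DoH on this link?


def plaintext_observers(path):
    """Return every party that learns the query name: each receiving
    endpoint, plus the network watching any unencrypted link."""
    seen = set()
    for hop in path:
        seen.add(hop.dst)
        if not hop.encrypted:
            seen.add(hop.network)
    return seen


def home_isp_sees_queries(path):
    """True when the user's own ISP can read the query names."""
    return "home-isp" in plaintext_observers(path)


# 1. Stub -> public/ISP recursive over DoT; the recursion is plaintext.
PUBLIC_DOT = [
    Hop("laptop", "public-resolver", "home-isp", True),
    Hop("public-resolver", "authoritative", "resolver-isp", False),
]
# 2. Stub -> home router over DoT, router recurses unencrypted: the
#    home ISP still sees every lookup leave the router.
ROUTER_DOT = [
    Hop("laptop", "router", "lan", True),
    Hop("router", "authoritative", "home-isp", False),
]
# 3. Stub -> own resolver on a server you control, over DoT; recursion
#    leaves from the server's network instead of the home ISP.
OWN_SERVER_DOT = [
    Hop("laptop", "own-resolver", "home-isp", True),
    Hop("own-resolver", "authoritative", "server-isp", False),
]
```

Running the model shows the point made in the thread: the home-router variant still exposes names to the home ISP, while the rented-server variant moves that exposure to the server's network and the authoritative servers, which is the part that stays visible until the recursive lookup itself is encrypted.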