by tptacek 2335 days ago
Against a network-level adversary, DNSSEC does exactly nothing: it's a server-to-server protocol, and the interaction between the resolver on your desktop and the DNS server remains unprotected. And, of course, as you mention, even if you ran a recursive validating resolver on your desktop, DNSSEC still doesn't encrypt anything.

People should simply not bother with DNSSEC.

1 comments

What do you recommend then? I think DNSCrypt is nice for client-to-server.

Edit: nvm, forgot DoH and DoT were a thing