by sneak 1839 days ago
Another option is to simply configure your workstation to use DoH. Then your ISP can't fuck with your address resolution.

I recommend using NextDNS, and then setting up a provisioning profile at https://apple.nextdns.io to set it as your resolver on your Macs and iOS devices. The ad-blocking features are a nice bonus, too.

NextDNS also has a cool free software CLI local DoH proxy resolver which works a charm.


From the page's footnotes:

> Changing your DNS resolver to a public one like Google’s instead of your ISP’s is not sufficient as of 2021, for two ISPs I’ve tested, and I suspect for all UK ISPs that implement blocking.

I read the article in full.

Changing your non-DoH resolver (such as using Google Public DNS) means requests and responses can still be edited by your ISP. This is what the article is talking about.

I suggested DoH (encrypted DNS) because this is not subject to such tampering. DoH (DNS-over-HTTPS) is not the same as traditional unencrypted port 53 DNS.

Really, anyone who gives a shit about privacy should be using DoH exclusively, otherwise you are basically uploading your web history in real-time to your ISP for mining and resale.

I have been testing a large number of DoH servers. I have noticed that some names are not available across all (supposedly unfiltered) DoH servers. For example, there are some DoH servers that had no A record for webshare.io, the domain mentioned in the OP.
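The posts above contrast plain port 53 DNS (which an ISP can rewrite in transit) with DoH, and the last one notes that some DoH servers return no A record for a name. The following is an added example, not code from the thread or from NextDNS: it builds an RFC 8484 DoH query (the wire-format DNS message, base64url-encoded into the `dns` GET parameter), parses a wire-format response, and classifies the result as answered, NXDOMAIN, or NOERROR-with-no-A-record. The resolver URL `doh.example.invalid` and the response bytes are constructed placeholders; nothing is sent over the network.

```python
"""Added example (not from the HN thread or NextDNS): build an RFC 8484 DoH
query and parse a constructed wire-format DNS answer.

Assumptions: DOH_URL is a placeholder, and build_response() fabricates the
sample answers a resolver would return; no network traffic is generated.
"""
import base64
import struct

DOH_URL = "https://doh.example.invalid/dns-query"  # placeholder resolver, hypothetical


def encode_name(name: str) -> bytes:
    """Encode a dotted hostname as DNS labels (length byte + label, NUL-terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = 1) -> bytes:
    """Wire-format query: ID 0 (RFC 8484 suggests 0 for cache-friendliness), RD set, one question."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def doh_get_url(name: str, base_url: str = DOH_URL) -> str:
    """GET form of DoH: base64url(query) with padding stripped, in the 'dns' parameter."""
    token = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode("ascii")
    return f"{base_url}?dns={token}"


def read_name(msg: bytes, off: int):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, jumped, end = [], False, None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:  # compression pointer to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), (end if jumped else off)


def parse_a_records(msg: bytes):
    """Return (rcode, [IPv4 strings]) from a wire-format DNS response."""
    _ident, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4  # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:  # A record, class IN
            addrs.append(".".join(str(b) for b in rdata))
    return rcode, addrs


def build_response(name: str, addrs, rcode: int = 0) -> bytes:
    """Constructed sample response standing in for a live resolver (not real data)."""
    header = struct.pack("!HHHHHH", 0, 0x8180 | rcode, 1, len(addrs), 0, 0)
    body = encode_name(name) + struct.pack("!HH", 1, 1)
    for ip in addrs:
        rdata = bytes(int(x) for x in ip.split("."))
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
    return header + body


def classify(msg: bytes) -> str:
    """Distinguish a real answer from NXDOMAIN and from an empty NOERROR reply."""
    rcode, addrs = parse_a_records(msg)
    if rcode == 3:
        return "NXDOMAIN"
    if rcode != 0:
        return f"error rcode={rcode}"
    return "answered" if addrs else "NOERROR but no A record"


if __name__ == "__main__":
    print(doh_get_url("example.com"))
    print(classify(build_response("example.com", ["203.0.113.10"])))  # constructed TEST-NET address
    print(classify(build_response("example.com", [])))
    print(classify(build_response("example.com", [], rcode=3)))
```

Comparing `classify()` across several resolvers for the same name is how you tell a filtered or missing answer apart from a genuine NXDOMAIN: an empty NOERROR response from one resolver while others return addresses is the case described in the last post.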