craftkiller 4 days ago

I used to do that, but that has the downside of sending all your DNS requests unencrypted over the network. By using a forwarder you have the option to use DoT or DoH.

pumplekin 4 days ago

There is work coming at the IETF to help with this.

- Draft: DELEG (a new way of doing delegations, replacing the NS/DS records).

- A draft to follow: Using the extensible mechanisms of DELEG to allow you to specify alternative transports for those nameservers (e.g. DoH/DoT/DoQ).

This would allow a recursive server to make encrypted connections to everything it talks to (that has those DELEG records and supports encrypted transports) as part of resolution.

Of course, traffic analysis still exists. If you are talking to the nameservers of bigtittygothgirls.com, and the only domains served by those name servers are bigtittygothgirls ...
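What the encrypted transports named in both comments actually put on the wire, as an added example that is not the commenters' code and is not part of the DELEG draft (the draft's record format is not shown here and is not modelled): the block builds a plain DNS wire-format query, frames it for DoT (RFC 7858 keeps the 2-octet length prefix DNS already uses over TCP) and for DoH (RFC 8484, base64url in a GET URL or raw bytes in a POST body), and splits a DoT byte stream back into messages so responses that arrive out of order can be matched by transaction ID. It runs offline; the transaction IDs, the sample stream and the hypothetical resolver path are constructed for the example.

```python
"""Framing a DNS query for DoT (RFC 7858) and DoH (RFC 8484).
Added example for this thread, not code from the commenters or from the
DELEG draft. No network I/O: every byte is built and inspected locally."""
import base64
import secrets
import struct
from typing import Optional


def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """Minimal RFC 1035 query: RD=1, one question, class IN, no EDNS."""
    if txid is None:
        txid = secrets.randbelow(0x10000)          # random ID for UDP/DoT use
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [] if name in ("", ".") else name.rstrip(".").split(".")
    for label in labels:
        if not 1 <= len(label) <= 63:
            raise ValueError(f"bad label {label!r} in {name!r}")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def txid_of(msg: bytes) -> int:
    """Transaction ID is the first 16-bit field of the header."""
    return struct.unpack_from("!H", msg, 0)[0]


def dot_frame(msg: bytes) -> bytes:
    """DoT reuses DNS-over-TCP framing (RFC 1035 s4.2.2): big-endian 2-octet length."""
    if len(msg) > 0xFFFF:
        raise ValueError("message too large for a 16-bit length prefix")
    return struct.pack("!H", len(msg)) + msg


def dot_split(stream: bytes) -> tuple[list[bytes], bytes]:
    """Split a DoT byte stream into complete messages and return the leftover.
    One TLS connection carries many messages and responses may arrive out of
    order (RFC 7766 pipelining), so callers must match them by transaction ID
    rather than by position."""
    msgs, i = [], 0
    while i + 2 <= len(stream):
        n = struct.unpack_from("!H", stream, i)[0]
        if i + 2 + n > len(stream):          # partial frame: wait for more bytes
            break
        msgs.append(stream[i + 2:i + 2 + n])
        i += 2 + n
    return msgs, stream[i:]


def match_responses(stream: bytes) -> dict[int, bytes]:
    """Map transaction ID -> message for every complete frame in the stream."""
    msgs, _ = dot_split(stream)
    return {txid_of(m): m for m in msgs}


def doh_get_path(msg: bytes, path: str = "/dns-query") -> str:
    """RFC 8484 GET: base64url with '=' padding removed, in the 'dns' parameter.
    RFC 8484 s4.1 has clients use transaction ID 0 so identical queries give
    identical URLs and can be served from an HTTP cache."""
    token = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return f"{path}?dns={token}"


def doh_post(msg: bytes) -> tuple[dict[str, str], bytes]:
    """RFC 8484 POST: raw wire format, application/dns-message in both directions."""
    headers = {"Content-Type": "application/dns-message",
               "Accept": "application/dns-message"}
    return headers, msg


if __name__ == "__main__":
    q = build_query("www.example.com", txid=0)
    print("DoT frame :", dot_frame(q).hex())
    print("DoH GET   :", doh_get_path(q))           # hypothetical resolver path
    print("DoH POST  :", doh_post(q)[0])
    # Constructed DoT stream: two frames delivered in reverse order plus a partial one.
    stream = dot_frame(build_query("b.example", txid=2)) + \
             dot_frame(build_query("a.example", txid=1)) + b"\x00\x05\x01"
    print("matched IDs:", sorted(match_responses(stream)))
```

The `www.example.com` query with ID 0 encodes to the URL shown in the GET example of RFC 8484 section 4.1.1, which is a convenient check that the framing is right. Note that the length prefix is the only difference between a DoT message and a plain TCP one; the confidentiality comes entirely from the TLS session the forwarder (or, with DELEG-style signalling, the recursive server) opens before sending it, and as the comment above says, the peer's address and the zones it serves remain visible to anyone watching the connection.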