jqpabc123 8 hours ago

Without DNS encryption, my ISP gets a complete log of every hostname I query.

With DNS encryption, your ISP still gets a complete log of every IP you visit. And from your IP log, they can easily get the host names if they want them.

In fact, I'd be surprised if they even bother logging DNS at all. It's much easier, more efficient and just as effective to log IPs.

Used by itself, encrypting DNS doesn't really hide anything and is thus an exercise in futility. Used with a more comprehensive solution like a VPN, it is even more so.

voioo 6 hours ago

Yes, DNS encryption does not hide the IP; that part is true. But it is still not useless, is my point. The ISP cannot see exact domains, only IPs, and with a CDN one IP can be many sites. Also, DNS hijacking/poisoning is common, and DoT/DoH stop this cheap attack. A VPN is stronger, but DNS encryption is a small layer of privacy without moving trust to a VPN provider.