• Ullebe1
    link
    fedilink
    81 year ago

    Ordinary DNS requests are always plaintext and readable to anyone between you and the DNS server. So regardless of which DNS server you use, your ISP can see all your DNS lookups. For any amount of privacy for DNS, the minimum is something like DNS-over-TLS or DNS-over-HTTPS, the latter of which Firefox uses by default in some countries and supports everywhere.

    • @[email protected]
      link
      fedilink
      51 year ago

      Ordinary DNS requests are always plaintext and readable to anyone between you and the DNS server.

      Not just readable… The ISP can inject their own responses too. Regular DNS is both unencrypted and unauthenticated, with most clients not enforcing DNSSEC.

      • @[email protected]
        link
        fedilink
        41 year ago

        It’s easy to setup something like AdGuard Home that provides malware blocking, ad blocking if you’re interested in that, and supports DNS-over-HTTPS out of the box (unlike PiHole, which needs a bunch of manual setup)