Hi.

On Tue, Apr 14, 2020 at 06:25:24PM +0100, Liam O'Toole wrote:
> I have two reservations about the approach advocated by Reco above.
> Maybe I'm not seeing some part of the big picture.
> 
> 1. The risk of DNS snooping is merely shifted from the ISP to the VPS 
> provider.

Usually you have a limited number of ISPs to choose from.
You have the whole Internet of VPS providers. Choose one that does not
screw with your traffic, and if you don't like that one - there's always
another.


> 2. Having completed a DNS lookup unbeknownst to the ISP, we still have
> to make a connection to the resulting IP address through the ISP's
> gateway. The ISP can perform a reverse DNS lookup of the IP address if
> they are determined to snoop.

And that is why it's important to use DNS over TLS.
Unless your ISP can magically decrypt TLS on the fly, the scenario
you're describing is impossible. 

Reco
