Comment by hsbauauvhabzb
8 months ago
I’ve heard this before. Is there a way to reliably detect if this is occurring or case studies of where this has occurred?
Edit: I assume dns over https prevents this also, right?
8 months ago
I’ve heard this before. Is there a way to reliably detect if this is occurring or case studies of where this has occurred?
Edit: I assume dns over https prevents this also, right?
DNSSEC would reveal that it's happening straight away, but that doesn't get you the IP address.
Of course, as mentioned putting your recursive DNS server on a cheap VPS somewhere that doesn't hack your connection would.
Yes, DoH prevents that, unless the DoH provider is in on it too, which most of the major ones are now, as this article is about.
There are lots of providers that aren’t CloudFlare/Google/etc: https://github.com/curl/curl/wiki/DNS-over-HTTPS#publicly-av...
(There’s lots of smaller providers, but lots operated by governments, ccTLD administrators, and other major organizations)
I only bring this up because the idea that the major providers “are” the internet is the only reason this is a possible and a problem in the first place.