Comment by maxloh
1 day ago
Since most ISPs also maintain their own DNS resolver, they could always reverse lookup the IP address AFAIK.
The whole idea behind ECH is one IP hosts tons of sites (e.g. CDN) so you have no idea which one it is.
Also reverse lookup has nothing to do with hosting own DNS resolver.
What you're describing is an SNI, not ECH. Those two serve very different purposes.
> Also reverse lookup has nothing to do with hosting own DNS resolver.
It has everything to do with that. Had you used two brain cells, you would've known that they can memorize the IP address and the domain name, and if you connect to that IP in a short period of time, most likely you visited that domain name.
SNI is unencrypted, so your ISP can see it. ECH encrypts it.
True. ECH is useless if you're using plain DNS. DNS over TLS or HTTPS is the way to go.
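To make the SNI-vs-ECH point from the thread concrete, here is an added example (not code from any commenter): it builds a minimal TLS ClientHello record and parses it the way a passive on-path observer would, returning the server name that is visible in the clear and whether an encrypted_client_hello extension (code point 0xfe0d) is present. The ClientHello bytes and the hostnames are constructed sample input; with ECH, the visible SNI would carry only the provider's public name while the real name sits inside the encrypted extension.

```python
"""What a passive observer (e.g. an ISP) can read from a TLS ClientHello."""
import struct
from typing import Optional, Tuple

SNI_EXT_TYPE = 0x0000   # server_name extension (plaintext in every ClientHello)
ECH_EXT_TYPE = 0xFE0D   # encrypted_client_hello extension (draft-ietf-tls-esni)

def build_client_hello(sni: str, ech_payload: Optional[bytes] = None) -> bytes:
    """Construct a minimal TLS 1.3-style ClientHello record (sample input, not a capture)."""
    host = sni.encode()
    # server_name body: list length, name_type (0 = host_name), name length, name
    sni_body = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    exts = struct.pack("!HH", SNI_EXT_TYPE, len(sni_body)) + sni_body
    if ech_payload is not None:  # opaque stand-in for the encrypted inner ClientHello
        exts += struct.pack("!HH", ECH_EXT_TYPE, len(ech_payload)) + ech_payload
    body = (
        b"\x03\x03"                 # legacy_version = TLS 1.2
        + b"\x11" * 32              # random (constructed, fixed bytes)
        + b"\x00"                   # empty legacy_session_id
        + b"\x00\x02\x13\x01"       # one cipher suite: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"               # legacy_compression_methods: null only
        + struct.pack("!H", len(exts)) + exts
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def observe(record: bytes) -> Tuple[Optional[str], bool]:
    """Return (SNI hostname readable in the clear or None, ECH extension present?)."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello record")
    pos = 9 + 2 + 32                                    # record + handshake headers, version, random
    pos += 1 + record[pos]                              # legacy_session_id
    pos += 2 + struct.unpack("!H", record[pos:pos + 2])[0]  # cipher_suites
    pos += 1 + record[pos]                              # legacy_compression_methods
    ext_len = struct.unpack("!H", record[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    sni, has_ech = None, False
    while pos < end:
        etype, elen = struct.unpack("!HH", record[pos:pos + 4])
        data = record[pos + 4:pos + 4 + elen]
        if etype == SNI_EXT_TYPE:
            name_len = struct.unpack("!H", data[3:5])[0]
            sni = data[5:5 + name_len].decode()         # visible to anyone on the path
        elif etype == ECH_EXT_TYPE:
            has_ech = True                              # real name is inside this, encrypted
        pos += 4 + elen
    return sni, has_ech
```

Running `observe(build_client_hello("example.com"))` yields the hostname in the clear, while an ECH-style hello such as `build_client_hello("public.example", b"\xaa" * 16)` exposes only the public name plus the fact that ECH is in use.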