Thinking about it, we put a ton of #trust into #DNS providers

@coffee I know right? I’ve been encrypting my connection to Cloudflare for better privacy but that doesn’t feel like enough because I don’t know how it looks on the backend

@kali well, I meant trust in the root servers, I know there are like 10 from different companies in different countries, but still.

I wonder how the registrars work, .com has a similar setup as the root servers, but how about the smaller TLDs?

@kali although trust in the "local" provider is also a thing

@coffee and also to add on, DNS is unencrypted by default! I am only aware of that because my school uses deep packet inspection to filter network traffic and monitor students' browsing history by forcing everyone to connect to their network DNS service. They made it a point to block common IPv4 DNS servers to make it harder to get around.

I know that TLDs are licensed to registrars by some domain name authority so I’d guess that they would hold a definitive for others to cache

@kali @coffee Maybe run your own #DNS resolver? You can be completely independent. Query Name Minimisation is enabled by default, enhancing privacy. DoT and DoH are supported as well. https://unbound.docs.nlnetlabs.nl/en/latest/use-cases/home-resolver.html