this post was submitted on 23 Apr 2024
1062 points (97.1% liked)

WereCat@lemmy.world 1 points 6 months ago (1 children)

https://www.cloudflare.com/learning/dns/dns-over-tls/

If I understand it correctly, DoH (which I use with NextDNS) should prevent the ISP from snooping.

Darkassassin07@lemmy.ca 1 points 6 months ago* (last edited 6 months ago)

It will prevent the ISP from snooping on, or tampering with, the DNS request. However, when you go to use the IP you've retrieved via DoH/DoT, your first request establishing a TLS connection to that IP will contain an unencrypted SNI, which states the domain you are trying to use. This can be snooped on by your ISP.