I am wondering if an ISP or network admin on my network would be able to change where a DNS server is located at (ex: if a DNS server is located at 132.192.175.210, the ISP/netadmin can redirect it to their own server at 11.29.102.201 to change where the DNS records point to). Does DNSSEC and DoH/DoT combat this, and how? Why is it safe to use a domain for DoH/DoT if it requires going through insecure DNS to get to a secure DNS?

  • sunzu@kbin.run
    link
    fedilink
    arrow-up
    8
    ·
    4 months ago

    Ain’t that is called DNS boot strapping and it is a common practice?

    They sell it as for your own safety but they are just data mining and likely selling it as it is pretty useful info for marketers.