
Encrypting DNS end-to-end - el_duderino
https://blog.cloudflare.com/encrypting-dns-end-to-end/
======
z_open
Might be silly questions, but is simply changing the line in my /etc/hosts to
1.1.1.1 enough to have the encrypted DNS? How do I make sure requests are sent
encrypted?

Also, if I have a VPN, are DNS requests sent from my machine or from my VPN
provider?

~~~
LinuxBender
Adding an entry in /etc/hosts for 1.1.1.1 would not encrypt your DNS. You
would either have to implement DNS over TLS or DNS over HTTPS. For your home
network, you would need to see if your router can be configured to tunnel DNS
over TLS to a few DNS providers that you feel you can trust. For your laptop,
this could be implementing something like Unbound DNS and configuring upstream
TLS DNS servers.

A true VPN (not an HTTPS proxy, but an actual VPN) can force all of your
traffic through your VPN provider. Not all VPN providers are equal. You can
test them by looking for leaks with BrowserLeaks [1] and IP Leak [2]. The DNS
between the VPN provider and the authoritative servers would still be
unencrypted unless you are using DNS over TLS or DoH.

[1] - [https://browserleaks.com/](https://browserleaks.com/)

[2] - [https://ipleak.net/](https://ipleak.net/)
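
The Unbound setup mentioned in the comment above, as an added example that is not part of the original thread: a local Unbound forwarding every query over DNS over TLS to 1.1.1.1, with the unauthenticated form of the forwarder line shown beside the authenticated one. The config file path, the loopback listener and the Debian/Ubuntu CA bundle path are assumptions.

```conf
# Added example: fragment for /etc/unbound/unbound.conf (path is an assumption).
server:
    # Listen only on loopback; the laptop's stub resolver points here
    # (e.g. "nameserver 127.0.0.1" in /etc/resolv.conf).
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow

    # CA bundle used to authenticate the upstream's TLS certificate.
    # Debian/Ubuntu path shown (assumption); it differs per distribution.
    # Without a bundle the session is encrypted but the server is not
    # authenticated.
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

forward-zone:
    name: "."                      # forward every query
    forward-tls-upstream: yes      # use DNS over TLS to the forwarder

    # Weak form: no "#name", so any certificate name is accepted.
    # forward-addr: 1.1.1.1@853

    # Authenticated form: address@port#name-expected-in-the-certificate
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
```

`unbound-checkconf` validates the file before a restart. A packet capture on the outbound interface should then show the resolver's upstream traffic on TCP port 853 and none on port 53.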

