
If you really care, run your own DNS locally. Not all devices/applications support DoH.



Running your own doesn't prevent interception for most domains.


You can run a DoH-to-regular-DNS bridging resolver locally.

My router supports that out of the box, but unfortunately it's somewhat unreliable compared to regular UDP resolution and I had to turn it back off.


It more or less does if your local DNS is just presenting DoH as normal DNS to every device on your LAN, since most devices let you configure DNS per network (even smart TVs, which is nice) but may not have any option for DoH. But at some point you have to trust someone.


> It more or less does if your local DNS is just presenting DoH as normal DNS to every device on your LAN

That's more of a proxy than running my own.

> But at some point you have to trust someone.

If I do my own recursive queries from multiple networks, I don't really have to trust anyone. (I mean, that's still trusting authoritative servers, but arguably they're correct by definition.)

Though I could also ask multiple diverse DoH servers to get a similar effect.


For any domains, really.

Your best bet is something like Dnscrypt or DoH that exposes a resolver locally on your full network.
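Added example (not code from any commenter or from Dnscrypt): a minimal UDP-DNS-to-DoH bridge of the kind the earlier comment describes, which listens as an ordinary DNS resolver on the LAN and forwards each query to a DoH upstream (RFC 8484 GET form). The upstream URL, listen address and fake transport used for testing are assumptions; the DoH server name is a placeholder.

```python
"""Minimal UDP-DNS -> DoH (RFC 8484) bridge: devices that only speak classic
DNS point at this listener; it forwards their queries over HTTPS."""
import base64
import socket
import struct
import urllib.request

DOH_URL = "https://doh.example.net/dns-query"  # placeholder upstream, not a real resolver


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Wire-format DNS query (header + one question) with the RD bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def doh_get_url(base_url: str, query: bytes) -> str:
    """RFC 8484 GET form: base64url without '=' padding, transaction ID zeroed
    so identical questions from different clients share one HTTP cache entry."""
    zeroed = b"\x00\x00" + query[2:]
    return base_url + "?dns=" + base64.urlsafe_b64encode(zeroed).decode().rstrip("=")


def https_transport(url: str) -> bytes:
    """Fetch the DoH answer; the body is a raw DNS message, not JSON."""
    req = urllib.request.Request(url, headers={"Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read()


def bridge(query: bytes, transport=https_transport, base_url: str = DOH_URL) -> bytes:
    """Forward one client query over DoH and put the client's own ID back on the answer."""
    answer = transport(doh_get_url(base_url, query))
    return query[:2] + answer[2:]


def serve(listen=("127.0.0.1", 5353)):
    """Plain UDP/53-style listener; point LAN devices (or a router) at it."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(listen)
    while True:
        data, peer = sock.recvfrom(4096)
        try:
            sock.sendto(bridge(data), peer)
        except Exception:  # upstream failure: drop the query, the client retries
            pass


if __name__ == "__main__":
    serve()
```

Only the transport needs changing to POST or to a DNSCrypt client; everything a LAN device sees stays classic UDP DNS, which is what makes this "more of a proxy" than a recursive resolver of your own.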



