• 0 Posts
  • 40 Comments
Joined 6 months ago
Cake day: May 31st, 2024

  • It seems like your whole threat model is avoiding DNS poisoning, which is fine, but I fail to see how you can compare using DoH/DoT to a VPN.

    so no one can even read which website you want to visit.

    Except for the DNS provider (in your example, Google, so… yikes), the operator of the network you’re on (since the destination IP can be rDNS’d or WHOIS’d, or simply grabbed from the Host header if your browser still tries HTTP first). Any traffic that is not encrypted will be snoopable. Traffic volume and connection times to each destination can be analyzed.

    By contrast, a VPN will also use secure (if you trust the provider ofc) DNS servers for your requests, plus making all of the traffic completely opaque except for “going to this server”.

    no app, no account, no money required

    You can also make your own, free VPN service with a little technical knowledge.

  • I can’t change my router’s DNS

    Do you mean you can’t change the DNS server in the DHCP settings or the server the router itself uses? In the first case you might be able to use Pi-hole’s DHCP server instead, while for the latter it shouldn’t be an issue - I actually usually leave upstream servers configured there to avoid loops. BTW, you might also be able to flash OpenWrt to your router.