In today's episode of "Am I paranoid already?" - Caching Bind resolver forwarding queries to a DoH client connecting to Cloudflare

A fun little thing to configure, and now, anytime I am on my VPN, all my DNS traffic should be completely untrackable.

Does that make me paranoid? Maybe a little... But, the knowledge that no one - not even my ISP, can see what I am doing on the internet, is kinda... Heartwarming.

Now, all that's left, is for eSNI to roll out and get implemented by all major web browsers, and most snooping will be completely done for...

    Just route normal DNS traffic from your local recursive resolver through the VPN provider too.
    That way, you get your DNSSEC-protected answers directly from the authoritative name servers. Endpoint anonymization is provided by your VPN provider - which can see you connecting to pornhub anyways (but you could chain VPNs to prevent that).
    Paranoia is the delusional fear/thought of being followed/targeted/tracked.

    How would this be paranoia?
    @Oktokolo Issue - The "VPN Provider" is my RPi at home. Kinda don't fancy paying for a simple VPN, when I can provide it myself.
    @linuxxx a normal user would probably say yes - "I am doing nothing wrong, so the ISP/Gov has no reason to snoop on my data, and even if they did, they aren't going to find anything"

    On the other, knowing that traffic monitoring and processing happens commonly, and in secrecy, I feel justified for hiding at least my DNS...

    Now... just that eSNI...
