Oktokolo92020dJust route normal DNS traffic from your local recursive resolver through the VPN provider too.
That way, you get your DNSSEC-protected answers directly from the authoritative name servers. Endpoint anonymization is provided by your VPN provider - wich can see you connecting to pornhub anyways (but you could chain VPNs to prevent that).
linuxxx15377520dParanoia is the delusional fear/thought of being followed/targeted/tracked.
How would this be paranoia?
Aldar82820d@linuxxx a normal user would probably say yes - "I am doing nothing wrong, so the ISP/Gov has no reason to snoop on my data, and even if they did, they aren't going to find anything"
On the other, knowing that traffic monitoring and processing happens commonly, and in secrecy, I feel justified for hiding at least my DNS...
Now... just that eSNI...