Q&A What DNS client to use?

SecurityNightmares

Level 36
Verified
Jan 9, 2020
2,565
DoH is, yes. DoT is not. As a whole, encryption is about security.
Yes encryption means security but not this time.
Encrypted DNS doesn't harden your security in any way like DNSSEC or certificate pinning does for example.
Encrypted DNS "only" increase your privacy against "man in the middle".

I also doesn't say it's not needed as I use always encrypted DNS, but it's not what most people think it is.
You can read more at GrapheneOS Frequently Asked Questions (not GrapheneOS related)
 
  • Like
Reactions: blackice

blackice

Level 32
Verified
Apr 1, 2019
2,145
Yes encryption means security but not this time.
Encrypted DNS doesn't harden your security in any way like DNSSEC or certificate pinning does for example.
Encrypted DNS "only" increase your privacy against "man in the middle".

I also doesn't say it's not needed as I use always encrypted DNS, but it's not what most people think it is.
You can read more at GrapheneOS Frequently Asked Questions (not GrapheneOS related)
A lot of people conflate the purpose of DNSSEC vs encrypted DNS. To be fair the information hasn't been disseminated well.
 
Top