
Re: DOH



On Tue, 14 Apr 2020 22:26:09 +0100
Liam O'Toole <liam.p.otoole@gmail.com> wrote:

> On Tue, 14 Apr, 2020 at 23:42:48 +0300, Reco wrote:
> 
> [...]
> 
> > > 2. Having completed a DNS lookup unbeknownst to the ISP, we still have
> > > to make a connection to the resulting IP address through the ISP's
> > > gateway. The ISP can perform a reverse DNS lookup of the IP address if
> > > they are determined to snoop.
> > 
> > And that is why it's important to use DNS over TLS.
> > Unless your ISP can magically decrypt TLS on the fly, the scenario
> > you're describing is impossible. 
> 
> I think you misunderstand me. I'm talking about making a connection to
> an IP address that you have already obtained by (encrypted) DNS. For
> example, your personal bind instance tells you that www.debian.org
> resolves to 130.89.148.77. Assuming you then connect to that IP address
> through your ISP, there's nothing to stop them performing a reverse DNS
> lookup on it.

To prevent that, I suppose you'll also have to set up a VPN to your
VPS ...

Celejar

