• danA
    link
    fedilink
    arrow-up
    5
    ·
    1 year ago

    Ordinary DNS requests are always plaintext and readable to anyone between you and the DNS server.

    Not just readable… The ISP can inject their own responses too. Regular DNS is both unencrypted and unauthenticated, with most clients not enforcing DNSSEC.