How to fight DNS hijacking

We also have an article on securing DNS traffic on clients (part of our home network security series):

1 Like

Didn’t Google DNS support DoT (& DoH) in January or why do you say they are unencrypted?

https://developers.google.com/speed/public-dns/docs/dns-over-tls

https://developers.google.com/speed/public-dns/docs/doh/

Archives, for people who have Google’s domain blocked:
http://archive.fo/JnD0k
http://archive.fo/QOKSO

Yes, they support it. However, the default configuration file for Google DNS provided by Turris OS only contains the unencrypted version. So, most Omnia owners don’t have a configuration file for it. You could create custom configuration files, of course.

1 Like

From my experience in the GFW, dnscrypt, DoH, and DoT can protect me from DNS hijacking/contamination. DoT might be at more risk of being detected, since it uses a special port.

1 Like