It's an option for all users. See https://pi-hole.net/ and note that if you put it on a pi-zero you can afford more than one for resiliency. In any case you want your rdns to share fate and topology with your other uplink traffic.
It should be, and no doubt will be, built into system resolvers at some point. We have to make do with the levers we have. The problem with DoT is it's trivial to force people to downgrade to plaintext DNS, so it's pretty reasonable to think snoopers will do that.
The people arguing against it are going to be on the wrong side of history. In five years they'll remember how they argued that plaintext is good for privacy, and it's dangerous not to let your ISP or hotel wifi monitor your activity; they're gonna look real silly.

Do you imply that the snoopers will use active methods to block DoT resolvers from working? What would prevent them from blacklisting the canary domain to downgrade DoH, too?