undefined | Better HN

0 pointsKlathmon7y ago0 comments

I guess I was just heading off the flurry of comments along the lines of "Why use DoH when we have DNSSEC?" that always seem to come up when discussing DoH.

0 comments

pornel7y ago

DNSSEC has no encryption. It's not for privacy at all.

bluejekyll7y ago

Right, DNSSEC is about validating the authenticity of the DNS Record in a DNS Message, whereas DNS-over-TLS/HTTPS is about establishing authenticity and privacy with the upstream resolver.

In theory if the upstream resolver is using DNSSEC to validate all the Records, then the client over the TLS session can be fairly confident in the Records it receives.

j / k navigate · click thread line to collapse