undefined | Better HN

0 pointsisostatic7y ago0 comments

Yes there is, but if there wasn't it's easy enough for a government controlled provider to advertise it (and 1.1.1.1 etc).

China (and others) can also simply intercept all udp traffic to port 53.

0 comments

mschuster917y ago

> China (and others) can also simply intercept all udp traffic to port 53.

Which is why DNSSEC (to prevent MITM tampering) and DNS encryption technologies such as DNScrypt or DNS-over-TLS/HTTPS become ever more important to be widely deployed.

tptacek7y ago

DNSSEC does little to prevent state-level intercept of DNS queries, since it's a server-to-server protocol that collapses down to a single, trivially-flipped header bit in the client/server transaction.

isostaticOP7y ago

Doesn't really help though - even when you bypass China's DNS hijacking you still can't connect to the target IP.

j / k navigate · click thread line to collapse