It does if you do DNS over TLS or HTTPS, although I guess that information would still be knowable to your DNS provider if they terminate your TLS behind the scenes.
Not quite. In order to make TLS certs work on a per-site basis, requests sent over HTTPS also include a virtual host indicator in cleartext that shows the hostname of the site you’re trying to connect to, so if the IP on the other end is hosting multiple domains it can find the right cert. For this reason some people feel that DNS over TLS is pretty pointless as a privacy measure.
It's still not perfect since you're still leaking information about the privacy set implied by the outer ClientHello, but this possibly isn't much worse than the destination IP address you're leaking anyway.
optimalquiet|4 months ago
ahlCVA|4 months ago
MrOwen|4 months ago