Christian Hofer:
The threat model is DNS hijacking. Yes, you can prevent DNS hijacking using DoH if you *trust* the resolver you connect to. However, if you want to verify authenticity and integrity of DNS responses you need DNSSEC.
Could you elaborate on the use-case since DNS record authenticity is often just a vehicle to bootstrap some other use-case (for example DANE). What higher level use-case do you have in mind where authenticity of DNS entries provides a value for tor / Tor Browser users?
What I'm trying to get to: Authentic IP addresses from A/AAAA records are probably of limited value in the context of a tor client since the exit relay has full control over the routing anyway. If the tor client asks the exit relay to connect to IP A (which is the actual DNSSEC-validated IP address) there is nothing that can stop an exit from routing it to some other IP address.
That is why I'm trying to get to the bottom of your DNSSEC use-case.
To avoid anonymity set reductions I'm also primarily interested in enabled-by-default designs (in contrast to opt-in), which brings you to the next problems: performance, scalability and resolver selection.
Please don't let me discourage you with my questions, they are not meant to. I'm just trying to understand and hopefully find some common ground to move forward, since I see a rather motivated person and it would be a pity to lose that opportunity.
My vision for DNS privacy in Tor Browser: Be able to visit an HTTPS website without the exit relay learning what domain it was (encrypted DNS + encrypted SNI).
There are a few issues to solve along that path.
kind regards, nusenu