8 Jan
2015
8 Jan
'15
4:55 p.m.
On Thu, 08 Jan 2015 08:38:35 -0800, Paul Syverson <paul.syverson@nrl.navy.mil> wrote:
The flip side is that, against such an adversary, using a DNS server that supports encryption of queries and responses is probably more important than it being local.
I like to chain unbound up to dnscrypt-proxy in order to encrypt DNS traffic for this very reason. dnscrypt-proxy frequently is unable to keep up however, so I currently have unbound configured to make queries directly if dnscrypt-proxy is not responding.