I describe in this video how DNS queries can be encrypted to avoid leaking metadata by using Stubby from the GetDNS project.
Simon's Sneaky DNS Howto
The following four diagrams depict DNS operating:
- In a typical private environment.
- In a commercial environment.
- With Stubby on the default well-known port for secure DNS, 853.
- With Stubby configured to use the well-known port for HTTPS, 443.
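The two Stubby setups in the list above differ only in the upstream port. As an added example (not taken from the video or from the GetDNS project), this `stubby.yml` sketch shows both; the upstream address `192.0.2.53` and the name `dns.example.net` are placeholders, and the 443 variant assumes the chosen resolver actually accepts DNS-over-TLS on that port.

```yaml
# Constructed stubby.yml sketch. Upstream address and auth name are placeholders.
resolution_type: GETDNS_RESOLUTION_STUB

# TLS is the only permitted transport, so queries are never sent in cleartext.
dns_transport_list:
  - GETDNS_TRANSPORT_TLS

# Strict mode: refuse to resolve if the upstream cannot be authenticated,
# instead of silently falling back to an unauthenticated session.
tls_authentication: GETDNS_AUTHENTICATION_REQUIRED

# Local clients send plain DNS to Stubby on loopback only.
listen_addresses:
  - 127.0.0.1
  - 0::1

upstream_recursive_servers:
  # Variant A: default well-known port for DNS-over-TLS.
  - address_data: 192.0.2.53          # placeholder (documentation range)
    tls_auth_name: "dns.example.net"  # placeholder; must match the server certificate
    tls_port: 853

  # Variant B: same resolver reached on the HTTPS port instead.
  # Enable this entry in place of Variant A, not alongside it.
  # - address_data: 192.0.2.53
  #   tls_auth_name: "dns.example.net"
  #   tls_port: 443
```

The system resolver then has to point at `127.0.0.1`; any application that still queries another resolver directly bypasses Stubby and leaks its lookups.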
My personal use case is Stubby in conjunction with my Sneaky Web Proxy
to avoid the pitfall of leaking DNS metadata as depicted in this diagram: