I describe in this video how DNS queries can be encrypted to avoid leaking metadata by using
Stubby from the
GetDNS project.
Simon's Sneaky DNS Howto
The following four diagrams depict DNS operating:
- In a typical private environment.
- In a commercial environment.
- With Stubby on the default well-know port for secure DNS, 853.
- With Stubby configured to use the well-know port for HTTPS, 443.
My personal usecase is Stubby in conjunction with my
Sneaky Web Proxy to avoid the pitfall of leaking DNS metadata as depicted in this diagram:
