I am wondering if an ISP or network admin on my network would be able to change where a DNS server is located at (ex: if a DNS server is located at 132.192.175.210, the ISP/netadmin can redirect it to their own server at 11.29.102.201 to change where the DNS records point to). Does DNSSEC and DoH/DoT combat this, and how? Why is it safe to use a domain for DoH/DoT if it requires going through insecure DNS to get to a secure DNS?
You must log in or register to comment.
I believe your ISP can modify the default DNS of your router so when you connect through DHCP a device it will set that DNS, but if you manually set the DNS in your device ISP can’t notice it.