
Sure, but then you're blocking the user's DNS server, rendering the entire internet unusable for them, not just one specific site. That was always possible with or without deep packet inspection.


Most DNS over HTTPS compatible clients would gracefully downgrade to regular DNS.


Then most DNS-over-HTTPS clients are vulnerable to active attackers. That's the trade-off you make when falling back to an unsecured protocol.

If clients aren't using some sort of encrypted DNS, then they're vulnerable to domain censorship anyway regardless of whether they're using QUIC.



