29 Mar
2018
29 Mar
'18
12:24 p.m.
On Thu, Mar 29, 2018 at 9:27 AM, Brian Kantor <Brian@ampr.org> wrote:
Of course they could. But it's testable; experiments show that they aren't doing so currently.
Some of the recursive DNS providers support a protocol called DNSCrypt for authenticating data between the client and the recursive nameserver, to mutually authenticate client+server, and ensure data hasn't been modified by a man-in-the-middle. https://www.opendns.com/about/innovations/dnscrypt/
- Brian
-- -JH