Query Root DNS Servers on Alternate port
-
My ISP has the ability to hijack my DNS. I'm wondering if there is a way for me to send my Resolver's queries on a port other than 53?
-
Yep.
Here is the list https://www.iana.org/domains/root/servers - contact them, and ask them if they could open another port.
Please, let them keep port 53 in parallel, otherwise the Internet will stop working for all of us.

More seriously:
The root guys don't support DoT.
Keep in mind: activating DoT for the entire chain will multiply the load on every involved server by a huge factor.
See, for example, https://www.reddit.com/r/sysadmin/comments/caf8se/dns_over_tls_with_root_name_servers_clarification/

If you want a sure answer: use DNSSEC.
If you want to hide your traffic from your ISP: forward to, for example, one.one.one.one (it is 1.1.1.1, but don't use the numbers, use the host name).
As of today, you can't have both.

Or, why not: push everything over a VPN with an endpoint very near one of the x.root-servers.net guys.
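The forwarding setup the answer recommends (queries leave on TCP 853 over TLS instead of UDP/TCP 53, with DNSSEC validation done locally), written out as an added Unbound configuration example that is not part of the original post. It assumes Unbound is the local resolver, that the CA bundle lives at the path shown (distribution dependent), and that the upstream is Cloudflare's one.one.one.one service:

```conf
# /etc/unbound/unbound.conf  (example, not from the original answer)
server:
    # Listen only on the loopback address; clients point their resolver here
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow

    # CA bundle used to verify the upstream's TLS certificate.
    # Path is distribution dependent; adjust to your system.
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

    # DNSSEC: validate answers locally using the root trust anchor
    # (the file is created/maintained by unbound-anchor).
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

    # Do not fall back to plain DNS if the TLS upstream is unreachable
    # (default is already strict; stated here for clarity).
    val-permissive-mode: no

forward-zone:
    # Forward everything ("." = the whole namespace) to the upstream
    name: "."
    forward-tls-upstream: yes
    # Syntax: IP@port#auth-name. The host name after '#' is what the
    # certificate must match, so the numbers alone are not enough.
    forward-addr: 1.1.1.1@853#one.one.one.one
    forward-addr: 1.0.0.1@853#one.one.one.one
```

After `unbound-checkconf` passes and the service is restarted, `dig @127.0.0.1 +dnssec example.com` should return the `ad` flag in the header, showing that validation happened locally even though the query itself travelled to the forwarder over port 853.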