Query Root DNS Servers on Alternate port
My ISP has the ability to hijack my DNS. I'm wondering if there is a way for me to send my Resolver's queries on a port other than 53?
Gertjan last edited by
Here is the list https://www.iana.org/domains/root/servers - contact them, and ask them if they could open another port.
Please, let them keep port 53 in parallel, otherwise the Internet will stop working for all of us.
More seriously:
The root guys don't support DoT.
Keep in mind: activating DoT for the entire chain will multiply the load for every involved server by a huge factor.
See, for example, https://www.reddit.com/r/sysadmin/comments/caf8se/dns_over_tls_with_root_name_servers_clarification/
If you want a sure answer: use DNSSEC.
If you want to hide your traffic from your ISP: forward to, for example, one.one.one.one (is 184.108.40.206 but don't use the numbers, use the host name).
As of today, you can't have both.
Or, why not: push everything over a VPN with an endpoint very near one of the x.root-servers.net guys.