[dns-operations] Detecting DNS hijacking (Was: new public DNS service:

Jeremy Harris jgh at wizmail.org
Tue Nov 21 12:16:48 UTC 2017

On 21/11/17 11:36, Stephane Bortzmeyer wrote:
> The proper solution is
> DNS-over-TLS (RFC 7858), which Quad9 deploys (Google should, too).

Would one, as a client, also need to enforce certificate pinning
to assure authentication of the you're talking TLS to?

In these days of TLS MITM and so on...

More information about the dns-operations mailing list