Comment on Firefox rolls out ECH enabled by default in 118
lemmyvore@feddit.nl 8 months agoHold on, these are orthogonal technologies.
DNSSEC signs DNS records so you know they’re genuine and come straight from the authoritative nameservers for the domain.
DoH encrypts DNS traffic so nobody can eavesdrop on what domains you connect to, and masks it as HTTPS traffic so providers can’t block it to force you to use their nameservers.
r00ty@kbin.life 8 months ago
Actually, that's a pretty decent explanation of why they only want to use DoH. Makes sense to me now, cheers.