Most people have heard of DNSSec, which provides integrity of DNS requests and responses but not privacy. DNS requests and responses are still sent over the wire in plaintext, available for eavesdropping and traffic analysis. There are a number of newer protocols to protect the privacy of requests, like DNS-over-HTTPS, DNS-over-TLS and DNSCrypt. There are also a number of new public DNS resolvers available that support some or all of these newer protocols.
This talk will explore the protocols, the service providers offering encrypted public DNS resolvers and how to configure Debian to use them.