Some DNS servers flush the cache when the configuration changes
systemd-resolved flush the cache when the network configuration changes. However
dnsmasq with the default setup keeps its cache when the configuration changes. Is this information worth adding to the comparison table? -- Pdc (talk) 12:40, 3 March 2019 (UTC)
Implement DoT with stunnel on any server
Can't we use stunnel with any of the listed servers ? I am not sure if it is possible to forward every queries from the server to stunnel, or how to make every answer from the server go through stunnel (maybe use iptables ?) -- Apollo22 (talk) 21:01, 25 May 2019 (UTC)
- I don't know about this, I've yet to research in enough detail. What I'd really like to offer readers is a way they can replace insecure outbound DNS requests with a more trustless implementation of DNS-Over-HTTPS (or DoT). I say 'trustless' because what it would do is send the request to a few DNS servers, say four, and will wait for three identical responses before visiting that IP address. Is there anything that does this?