DNS Privacy

DNS privacy encompasses the techniques, protocols, and policies designed to protect user browsing intent from passive surveillance at the DNS layer. Because traditional [[dns|DNS]] queries are sent in plaintext, they are visible to ISPs, network administrators, and passive eavesdroppers. Protocols such as [[dns-over-https|DNS-over-HTTPS (DoH)]], [[dns-over-tls|DNS-over-TLS (DoT)]], and [[encrypted-sni|Encrypted Client Hello (ECH)]] encrypt DNS traffic. Additional privacy measures include query name minimization (RFC 7816), which limits the information shared with each resolver tier, and the use of privacy-respecting resolvers that follow strict no-log policies.

Example

An activist uses a combination of DoH and ECH so that their ISP sees encrypted HTTPS traffic but cannot determine which news sites, forums, or advocacy pages they visit.
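
The query name minimization mentioned in the definition can be made concrete with a small model of an iterative lookup. This is an added example, not part of the original entry; the domain name and zone cuts are constructed, and the model assumes the resolver already knows where the zone cuts are.

```python
# Model of what each tier of the DNS hierarchy sees during one iterative
# lookup, with and without query name minimization (RFC 7816).
# Assumption: zone cuts are known in advance; a real resolver discovers them.

def queries_seen(qname, qtype, zone_cuts, minimise):
    """Return [(zone_queried, qname_sent, qtype_sent)] from the root down."""
    labels = qname.rstrip(".").split(".")
    seen = []
    for i, zone in enumerate(zone_cuts):
        is_last = i == len(zone_cuts) - 1
        if not minimise or is_last:
            # Classic behaviour, and the final query to the zone that
            # actually holds the answer: full name, original type.
            seen.append((zone, qname, qtype))
        else:
            # Minimized: ask only for the delegation one label below
            # this zone, using an NS query.
            depth = 0 if zone == "." else len(zone.rstrip(".").split("."))
            sent = ".".join(labels[-(depth + 1):]) + "."
            seen.append((zone, sent, "NS"))
    return seen

def labels_exposed(seen):
    """Map each queried zone to the number of labels it was shown."""
    return {zone: len(name.rstrip(".").split(".")) for zone, name, _ in seen}

# Constructed sample input.
QNAME = "forum.advocacy.example.org."
CUTS = [".", "org.", "example.org."]

if __name__ == "__main__":
    for mode in (False, True):
        print("minimized" if mode else "classic")
        for zone, name, rtype in queries_seen(QNAME, "A", CUTS, mode):
            print(f"  server for {zone:<13} sees {name} {rtype}")
```

In the classic lookup the root and `org.` servers each see all four labels; with minimization they see one and two labels respectively, and only the server for `example.org.` sees the full name.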