On Thu, Mar 29, 2018 at 9:27 AM, Brian Kantor <br...@ampr.org> wrote:
> Of course they could.  But it's testable; experiments show that they
> aren't doing so currently.

Some of the recursive DNS providers support a protocol called  DNSCrypt
for  authenticating data between the  client and the recursive nameserver,
to mutually authenticate client+server, and ensure data hasn't been modified
by a man-in-the-middle.

https://www.opendns.com/about/innovations/dnscrypt/

>         - Brian
--
-JH

Reply via email to