Can ISPs crack TLS?

Kuketz forum

What does DNS over TLS do?

Postby DeathAndPain »

Hello everybody,

I know by and large how this stuff works. I am only asking the question of the meaning, with a view to the following points of view:
  • Anyone who can monitor my Internet connection can easily see which IPs I use to contact me after my encrypted DNS queries. Using reverse DNS, he can find out who I was in contact with as well as if he could read the DNS request in plain text right away.
  • The DNS server operator can decrypt the requests and therefore knows them one way or another.
The only point where there could theoretically be an advantage is if a third party could monitor the Internet connection of the DNS server, but not mine. Only then would he gain information through the legibility of my DNS accesses. However, you usually use the DNS server of your own provider, and if you are able to sniff all the traffic there, you should also monitor the connections provided by the ISP or hack into the DNS server and read the decrypted requests .

If you don't use the DNS server of your own provider, you blindly trust the server operator, which is such a thing with providers like Google.

So I wonder what DNS does over TLS at all.