Why DNS encryption is not the norm?

  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in:

    This forum does not automatically send notices of new content. So if, for example, you would like to be notified by mail when Steve posts an update to his blog (or of any other specific activity anywhere else), you need to tell the system what to “Watch” for you. Please checkout the “Tips & Tricks” page for details about that... and other tips!

  • Larger Font Styles

    Just a quick heads-up that I've implemented larger font variants of our forum's light and dark page styles. You can select the style of your choice by scrolling to the footer of any page here. This might be more comfortable (it is for me) for those with high-resolution displays where the standard fonts, while permitting a lot of text to fit on the screen, might be uncomfortably small.

    (You can permanently dismiss this notification with the “X” at the upper right.)



Apr 13, 2021
Not sure why?

But I think every ISP does a "man in the middle attack" when you type a wrong word in the address bar and gives you an advert...

for example:

AT&T has this hard coded in their routers:

domain attlocal.net

this is their server listening to your DNS requests

Bypassing this DNS in the middle removes this... in resolv.conf using linux...not sure in windows tho...


Active member
Sep 24, 2020
If my ISP would not have honoured Non-Existent Domain (NXDOMAIN) responses, I would have changed them immediately; for me, any ISP that does that does not deserve my money.

DNS traffic security is a fairly recent change to the specification. Very few DNS recursors support it right now, and while the number is going up, it will still take some time. It took us about 25 years and a quasi-monopoly (Alphabet) before making HTTP over TLS as the default document transfer protocol, instead of HTTP, on the Internet.

Regarding “attlocal.net” DNS search domain, you can remove it in your DHCP Server settings (local DNS resolution might break), or always use the Fully Qualified Domain Name (FQDN) which includes a period at the end of the name, as such: forums.grc.com.
Using the FQDN tells your recursor that you want the precise name and not to search for alternatives if it receives an NXDOMAIN.
Note: forums.grc.com is not a FQDN, whereas forums.grc.com. is.


Apr 13, 2021
I have lived in many places and Internet Service Providers buy "areas" not sure how else to put it. For example, in one area only comcast is allowed and no other... while in another area only AT&T is allowed. So you are forced to use one regardless if you don't like their "practices"...

I am learning how to do DNS encryption just recently. I am surprised there are many companies now enforcing that I think even firefox has that built in their browsers....but I don't use firefox.

Windows 10 has now transformed into a very heavy intrusive operating system...I have tried to disable many intrusive services to no win...the operating system lies to you. For example, I disable the antivirus automatic scanning but yet it is working in the background testing every app I use. If I disable more things to get it to bare bones, the OS goes in to panic mode and halts many things. I gave up on windows just recently...

on linux, you are back again to be in control over the operating system. No hard coded built in admin to the OS...you can brake it easy and do whatever you please...


I like red!
Sep 26, 2020
The "areas" are divided into two slots, cable and DSL, so the examples you gave, AT&T and Comcast can't block each other. I think AT&T's Time Warner purchase did put AT&T into both slots in some places however.