Your Fancy DNS Tricks Won’t Give You Privacy

Encrypted DNS, Pi-hole, Unbound, Cloudflare, and Quad9 can hide or reduce DNS exposure, but that does not automatically stop your ISP from seeing which websites you visit. In this hands-on test, David uses a Raspberry Pi, Python scripts, and a network tap to show how an ISP-like observer can still log website destinations through TLS/SNI traffic, even when DNS queries are hidden. We test multiple setups, including DNS over HTTPS, Pi-hole, Unbound, Cloudflare, and browser secure DNS settings, then compare what disappears from DNS logs versus what still shows up in live connection metadata. If you think encrypted DNS alone gives you browsing privacy, this demonstration may change how you think about ISP tracking, website blocking, and the limits of DNS privacy. // YouTube Video REFERENCE // How your ISP tracks you (even with encrypted DNS): https://youtu.be/46hy3r_1VqY // David's SOCIAL // Discord: https://discord.com/invite/usKSyzb X: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/@davidbombal Spotify: https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ SoundCloud: https://soundcloud.com/davidbombal Apple Podcast: https://podcasts.apple.com/us/podcast/david-bombal/id1466865532 // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Introduction 02:13 - SNI vs DNS Monitoring 03:44 - Traffic Examples 06:10 - Capture traffic with Wireshark 08:02 - Firefox Settings 08:32 - Comparing Traffic Post Encryption 10:30 - DNS settings 11:05 - Comparing Traffic Again 13:40 - Using pi-hole 14:58 - Firefox Settings Variation 15:36 - Comparing Traffic Again 16:16 - Using an Unbound Server 17:10 - Comparing