I have a question about the general structure.
I have heard that ISP have the possibility to switch a transparent proxy that intercepts every DNS query and then forwards it to their own DNS server. Would this also be possible with IPfire and unbound and how could I check this?
And second thing, the IPfire itself also goes to the Internet for example pakfire or the time server, is there the same DNS server used that I have entered, it uses the DNS of ISP or is perhaps a specific DNS server somewhere?
Sorry, for these rather unconventional questions, but I would like to know, my knowledge to check this myself are unfortunately very small.
IPFire uses the DNS servers configured in unbound ( WebGUI page Network->Domain Name System ). There are no ‘special’ DNS requests as is found in many Tablet/Smartphone systems.
BTW: Does your ISP DNS server DNSSEC? See also
I do not know if the ISP DNS does DNSSEC, but I disabled ISP DNS and use TLS Protocol to a DNS Provider with TLS hostname and DNSSEC. I was only interested if this can be bypassed by the ISP, if not, then fine.
As far as I have read, this DNSSEC standard has not really caught on and about 10% of websites are only verified. Not very much, is that then also used with DANE, how only that is really safe, I find no entry in the wiki?