This wouldn't be possible with dnssec right?

Anunayj · 2023-10-02T04:46:08

Yes, however it defeats one of the main point of ECH, that is encrypting the SNI. Since the domain is leaked in plaintext DNS.

jacooper · 2023-10-02T13:04:13

Why? You can just use DNS-over-TLS/HTTPS + dnssec + ECH + TLSv1.3 and then you should have a unblockable website(outside of IP address bans).

Anunayj · 2023-10-04T19:35:40

Ah yes, sorry I thought you meant can't we just use plaintext DNS + DNSSEC.