This tutorial shows you how to protect your DNS privacy on Linux Mint with DNS over TLS. We will use a tool called stubby, but first, let me explain why DNS is not secure.
DNS Vulnerability
DNS is insecure because DNS queries are not encrypted by default. They are sent in plain text on the wire and can be exploited by intermediaries on the network path. For example, the Great Firewall of China (GFW) uses a technique called DNS cache poisoning to censor the Chinese Internet. (They also use other methods, which are beyond the scope of this article.)
The GFW checks every DNS query that is sent to a DNS server outside of China. Since the plain-text DNS protocol is based on UDP, which is a connectionless protocol, the GFW can spoof both the client IP and the server IP. When the GFW finds a domain name on its block list, it changes the DNS response.
Read full tutorial here: https://www.linuxbabe.com/linux-mint/dns-over-tls-stubby