Il faut penser à activer le chiffrement du SNI :
about:config
Puis mettre
network.security.esni.enabled
à
true
Et tester :
https://www.cloudflare.com/ssl/encrypted-sni/
Il y a aussi DoT (DNS on TLS) et DNSSEC , je suis comme çà pour le moment :
~]$ cat /etc/systemd/resolved.conf
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See resolved.conf(5) for details
[Resolve]
#DNS=
FallbackDNS=1.1.1.1 9.9.9.10 8.8.8.8 2606:4700:4700::1111 2620:fe::10 2001:4860:4860::8888
Domains=~.
#LLMNR=yes
#MulticastDNS=yes
DNSSEC=allow-downgrade
DNSOverTLS=opportunistic
#Cache=yes
#DNSStubListener=yes
#ReadEtcHosts=yes
