ESNI for hosts file?

I was wondering if ESNI is going to work for hosts whose address is overridden in /etc/hosts.

Does ESNI still make ESNI DNS lookups for hosts resolved via the hosts file?

1 Like

ESNI doesn’t care how your computer resolved the IP address for the site. /etc/hosts is essentially a local DNS lookup.

However…I can’t think of a time I ever used /etc/hosts with Cloudflare IP addresses. I usually go the opposite direction: Public DNS has my site’s Cloudflare IP address, and my /etc/hosts has my origin server’s IP address.

Though I suppose if you’re just trying to test your site through Cloudflare if it’s “Paused” or DNS-Only, you may go the /etc/hosts route.


OK I see. Indeed it seems to still work even if I override the CF IP in the hosts file. It means that theoretically I could leak DNS type65 queries for a certain domain even if I use the hosts file. So for better privacy ESNI should be coupled with DOH.

This topic was automatically closed after 30 days. New replies are no longer allowed.