Comment by xenophonf
DNSSEC is an authentication mechanism. It does not encrypt queries or responses.
You might be thinking of DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT).
There's also DNSCurve.
DNSSEC is an authentication mechanism. It does not encrypt queries or responses.
You might be thinking of DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT).
There's also DNSCurve.
ECH can be used regardless of DoT, DoH, dnscrypt, or plain as long as your resolver passes HTTPS queries.
You can easily test this: dig @8.8.8.8 https pq.cloudflareresearch.com
DoH and DNSSEC don't use ECH (encrypted client hello)
From what I remember, only DoT uses ECH
https://media.ccc.de/v/chaoscolloquium-1-dns-privacy-securit...