Assuming it's a shared domain, then by querying for the sjors@ TXT record I'm revealing that (to e.g. Google if doing DNS over HTTPS).

Whereas with HTTPS I'm only revealing the domain at the DNS level. But then the server knows exactly what I asked for.
Yes, that's true for a shared domain, yes.
The TXT record points directly to the final user. True.

On the other hand, the DNS architecture allows the user to hide behind a recursive DNS server (from the ISP, institution, DoH providers, etc.), whereas it's easier to leak your final IP to the HTTPS server (if you don't use a web proxy).

Different privacy compromises, I guess.