By hijacking I mean redirection.
I think it should be done at the client's OS level.
Can the router do anything for it?
Having a DNSSEC-enabled resolver does protect from tampering with the DNS records, but not all ISPs properly support it, so you may see many more errors. It should be used in conjunction with recursion or a respectable public resolver with support for DoH/DoT.
You either want DoT (DNS over TLS) or DoH (DNS over HTTPS).
Pi-hole and AdGuard Home support both.
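
A resolver configuration along the lines the comments above suggest, as an added example that is not part of the original thread: an `AdGuardHome.yaml` fragment with encrypted upstreams and DNSSEC enabled. The choice of Quad9 as the public resolver and the plaintext address in the commented-out lines are assumptions made for illustration.

```yaml
# AdGuardHome.yaml (fragment, added example)
dns:
  # Weak setting: a plaintext upstream on port 53. Anyone on the path
  # (ISP, captive portal, compromised router) can rewrite the answers.
  # 192.0.2.53 is a documentation address standing in for an ISP resolver.
  # upstream_dns:
  #   - 192.0.2.53

  # Corrected setting: upstream queries leave the network only over
  # DoT (tls://) or DoH (https://), so they cannot be redirected in transit.
  upstream_dns:
    - tls://dns.quad9.net
    - https://dns.quad9.net/dns-query

  # Plain DNS is used only to look up the hostnames of the upstreams above.
  bootstrap_dns:
    - 9.9.9.9

  # Set the DNSSEC flag on outgoing queries and check the result.
  # This requires an upstream resolver that validates DNSSEC.
  enable_dnssec: true
```

Clients on the LAN use this resolver only if they are pointed at it, for example by having the router's DHCP server hand out the AdGuard Home address as the DNS server.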

