Tested on Snort 2, Snort 3 and Suricata 6 Take note if you have www -> apex redirect Utilise a curve not produced by NIST Canadian Shield, Cloudflare, DNS Filter, NextDNS, OpenDNS, Quad9 Many formats available It's not enabled by default and you can easily switch to other providers. DoT/DoH does not completely eliminate ISP surveillance. Synk depends on GNU version of patch utility. The package dependency on Node can cause security issue. Here's how to use Snyk to mitigate it.