▪ The DNS resolver stores a base64 encoded SHA256 hash of honeypod.org (local) TLS certificate
▪ DNS resolver establishes a TCP connection with honeypod.org (local)
▪ DNS resolver initiates a TLS handshake
▪ In the TLS handshake, honeypod.org (local) presents its TLS certificate.
▪ Once the TLS connection is established, the DNS resolver can send DNS over an encrypted connection, preventing eavesdropping and tampering.