Public DNS over TLS

Introduction

DNS (Domain Name System) is a crucial component of the internet infrastructure that translates human-readable domain names into IP addresses that machines can understand. Traditionally, DNS queries and responses are transmitted in plaintext, which makes them vulnerable to eavesdropping, tampering, and other security threats. However, the advent of DNS over TLS (Transport Layer Security) has significantly improved the security and privacy of DNS communications. In this blog post, we will discuss the benefits and challenges of using public DNS over TLS.

Benefits of Public DNS over TLS

One of the primary benefits of using public DNS over TLS is that it encrypts DNS traffic between the client and the DNS resolver, which makes it more difficult for attackers to intercept or modify the data. This is particularly important for users who access the internet over public Wi-Fi networks, which are often unsecured and susceptible to attacks. Public DNS over TLS also provides additional privacy protections by preventing third-party entities from tracking users’ online activities based on their DNS queries.

Another advantage of public DNS over TLS is that it can improve the performance of DNS resolution by reducing the latency and increasing the reliability of DNS responses. This is because DNS over TLS supports pipelining, which allows multiple DNS queries to be sent over a single encrypted connection, thereby reducing the handshake overhead and improving the responsiveness of the DNS resolver.

Provider                        IP addresses             Blocking        Features
Cloudflare                      1.1.1.1                  None            DNS over TLS on port 853
                                1.0.0.1
                                2606:4700:4700::1111
                                2606:4700:4700::1001
Google Public DNS               8.8.8.8                  None            DNS over TLS on port 853
                                8.8.4.4
                                2001:4860:4860::8888
                                2001:4860:4860::8844
Quad9                           9.9.9.9                  Malware         DNS over TLS on port 853
                                149.112.112.112
                                2620:fe::fe
                                2620:fe::9
CleanBrowsing                   185.228.168.168          Adult content   DNS over TLS on port 853
                                185.228.168.169
                                2a0d:2a00:1::
                                2a0d:2a00:2::
CleanBrowsing                   185.228.168.9            Malware         DNS over TLS on port 853
                                185.228.169.9
                                2a0d:2a00:1::2
                                2a0d:2a00:2::2
Quadrant Information Security   12.159.2.159             None            DNS over TLS on port 853
                                2001:1890:140c::159

Challenges of Public DNS over TLS

While public DNS over TLS offers many benefits, it also presents some challenges that need to be addressed. One of the main challenges is that it requires additional computational resources to establish and maintain the TLS connection, which can increase the latency and reduce the performance of DNS resolution, particularly on low-powered devices.

Another challenge of public DNS over TLS is that it can be more difficult to configure and troubleshoot than traditional DNS. This is because it requires the client and the DNS resolver to support the TLS protocol and a compatible cipher suite, and the client needs to verify the identity of the resolver’s certificate to prevent man-in-the-middle attacks.
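The two points above, pipelining several queries over one encrypted connection and verifying the resolver's certificate before trusting any answer, are easiest to see in a small client. The following is an added example, not code from the original post or from any of the providers listed: it builds DNS wire-format queries, sends them length-prefixed over a TLS connection to port 853, verifies the resolver's certificate chain and host name with Python's default context, and matches answers back to queries by ID because a pipelining resolver may answer out of order. The resolver IP is taken from the table above; the TLS server name cloudflare-dns.com is an assumption based on the provider's own documentation and is not stated on this page. SAMPLE_RESPONSE is a constructed message so the parser can be exercised offline.

```python
"""Minimal DNS over TLS client: wire-format queries, pipelining over one
TLS connection, certificate verification. Added example, not the post's code."""
import socket
import ssl
import struct

# Assumed values (not from the post): IP from the provider table, the TLS
# server name is the one Cloudflare documents for its resolver.
RESOLVER_IP = "1.1.1.1"
RESOLVER_NAME = "cloudflare-dns.com"
DOT_PORT = 853


def encode_name(name: str) -> bytes:
    """Encode a domain name as DNS labels (length byte + label), zero-terminated."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(qid: int, name: str, qtype: int = 1) -> bytes:
    """12-byte header (ID, flags RD=1, QDCOUNT=1) followed by one IN question."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def read_name(msg: bytes, off: int):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end


def parse_response(msg: bytes) -> dict:
    """Return the message ID, RCODE and any A/AAAA addresses in the answer section."""
    qid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4
    addrs = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntop(socket.AF_INET, rdata))
        elif rtype == 28 and rdlen == 16:
            addrs.append(socket.inet_ntop(socket.AF_INET6, rdata))
    return {"id": qid, "rcode": flags & 0xF, "addresses": addrs}


# Constructed sample: ID 7, response flags, one question (example.com A) and one
# A record pointing at the documentation address 192.0.2.1 with TTL 60.
SAMPLE_RESPONSE = (
    b"\x00\x07\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
    + b"\x07example\x03com\x00\x00\x01\x00\x01"
    + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\xc0\x00\x02\x01"
)


def recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the connection")
        buf += chunk
    return buf


def resolve_over_tls(names, ip=RESOLVER_IP, server_name=RESOLVER_NAME) -> dict:
    """Pipeline all queries over one TLS connection; answers keyed by name."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    queries = {i + 1: n for i, n in enumerate(names)}
    results = {}
    with socket.create_connection((ip, DOT_PORT), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
            for qid, name in queries.items():  # send everything first
                q = build_query(qid, name)
                tls.sendall(struct.pack("!H", len(q)) + q)  # 2-byte length prefix
            for _ in queries:  # then read; responses may arrive in any order
                (length,) = struct.unpack("!H", recv_exact(tls, 2))
                parsed = parse_response(recv_exact(tls, length))
                results[queries[parsed["id"]]] = parsed
    return results


if __name__ == "__main__":
    for name, r in resolve_over_tls(["example.com", "example.net"]).items():
        print(name, r["rcode"], r["addresses"])
```

If the resolver presents a certificate that does not chain to a trusted root or does not match server_name, wrap_socket raises ssl.SSLCertVerificationError before any query is sent, which is the check that defeats an on-path impostor resolver; disabling check_hostname to "make it work" removes exactly the protection the post describes.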

Conclusion

In conclusion, public DNS over TLS is an important development that enhances the security and privacy of DNS communications. It provides many benefits, including encryption of DNS traffic, improved performance, and enhanced privacy protections. However, it also poses some challenges that need to be addressed, such as increased latency and complexity of configuration. Overall, public DNS over TLS is a valuable tool for users who want to enhance their online security and privacy.
