Public DNS over TLS
Introduction
DNS (Domain Name System) is a crucial component of the internet infrastructure that translates human-readable domain names into IP addresses that machines can understand. Traditionally, DNS queries and responses are transmitted in plaintext, which makes them vulnerable to eavesdropping, tampering, and other security threats. However, the advent of DNS over TLS (Transport Layer Security) has significantly improved the security and privacy of DNS communications. In this blog post, we will discuss the benefits and challenges of using public DNS over TLS.
Benefits of Public DNS over TLS
One of the primary benefits of using public DNS over TLS is that it encrypts DNS traffic between the client and the DNS resolver, which makes it more difficult for attackers to intercept or modify the data. This is particularly important for users who access the internet over public Wi-Fi networks, which are often unsecured and susceptible to attacks. Public DNS over TLS also provides additional privacy protections by preventing third-party entities from tracking users’ online activities based on their DNS queries.
Another advantage of public DNS over TLS is that it can improve the performance of DNS resolution by reducing the latency and increasing the reliability of DNS responses. This is because DNS over TLS supports pipelining, which allows multiple DNS queries to be sent over a single encrypted connection, thereby reducing the handshake overhead and improving the responsiveness of the DNS resolver.
| Provider | IP | Blocking | Features |
|---|---|---|---|
| Cloudflare | 1.1.1.1 | None | DNS over TLS on port 853 |
| 1.0.0.1 | |||
| 2606:4700:4700::1111 | |||
| 2606:4700:4700::1001 | |||
| Google Public DNS | 8.8.8.8 | None | DNS over TLS on port 853 |
| 8.8.4.4 | |||
| 2001:4860:4860::8888 | |||
| 2001:4860:4860::8844 | |||
| Quad9 | 9.9.9.9 | Malware | DNS over TLS on port 853 |
| 149.112.112.112 | |||
| 2620:fe::fe | |||
| 2620:fe::9 | |||
| CleanBrowsing | 185.228.168.168 | Adult content | DNS over TLS on port 853 |
| 185.228.168.169 | |||
| 2a0d:2a00:1:: | |||
| 2a0d:2a00:2:: | |||
| CleanBrowsing | 185.228.168.9 | Malware | DNS over TLS on port 853 |
| 185.228.169.9 | |||
| 2a0d:2a00:1::2 | |||
| 2a0d:2a00:2::2 | |||
| Quadrant Information Security | 12.159.2.159 | None | DNS over TLS on port 853 |
| 2001:1890:140c::159 |
Challenges of Public DNS over TLS
While public DNS over TLS offers many benefits, it also presents some challenges that need to be addressed. One of the main challenges is that it requires additional computational resources to establish and maintain the TLS connection, which can increase the latency and reduce the performance of DNS resolution, particularly on low-powered devices.
Another challenge of public DNS over TLS is that it can be more difficult to configure and troubleshoot than traditional DNS. This is because it requires the client and the DNS resolver to support the TLS protocol and a compatible cipher suite, and the client needs to verify the identity of the resolver’s certificate to prevent man-in-the-middle attacks.
Conclusion
In conclusion, public DNS over TLS is an important development that enhances the security and privacy of DNS communications. It provides many benefits, including encryption of DNS traffic, improved performance, and enhanced privacy protections. However, it also poses some challenges that need to be addressed, such as increased latency and complexity of configuration. Overall, public DNS over TLS is a valuable tool for users who want to enhance their online security and privacy.
Small world. Big idea!
- Welcome to visit the knowledge base of SRE and DevOps!
- License under CC BY-NC 4.0
- No personal information is collected
- Made with Material for MkDocs and generative AI tools
- Copyright issue feedback me#imzye.com, replace # with @
- Get latest SRE news and discuss on Discord Channel