DNS services that offer DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) provide encrypted DNS resolution, ensuring that DNS queries are protected against eavesdropping and tampering. These services encrypt the communication between the DNS client and the DNS resolver, enhancing user privacy and security on the internet.
DNS-over-HTTPS (DoH) sends DNS queries over HTTPS, using the same infrastructure and port (443) as ordinary secure web browsing. Because the DNS traffic is carried inside HTTPS, it is harder to distinguish from other HTTPS traffic, which increases privacy.
Unlike DoH, DNS-over-TLS (DoT) uses TLS directly for DNS traffic on a dedicated port (usually 853). It encrypts DNS queries and responses between the client and the resolver, so that third parties on the path cannot read or modify them.
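The two transports described above, as an added example that is not code from the original page: the same wire-format DNS query is sent once over DoH (an HTTPS POST on port 443 with the `application/dns-message` media type, per RFC 8484) and once over DoT (a 2-byte length prefix on a TLS connection to port 853, per RFC 7858). The resolver hostname and the `/dns-query` path are assumptions; both functions use `ssl.create_default_context()`, so the resolver's certificate and hostname are verified.

```python
import http.client
import random
import socket
import ssl
import struct


def build_query(name, qtype=1, txid=None):
    """Wire-format DNS query (RFC 1035): 12-byte header plus one question."""
    txid = random.randint(0, 0xFFFF) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def doh_resolve(resolver, query, path="/dns-query"):
    """DoH (RFC 8484): POST the wire-format query over HTTPS on port 443."""
    conn = http.client.HTTPSConnection(resolver, 443, context=ssl.create_default_context())
    conn.request("POST", path, body=query,
                 headers={"Content-Type": "application/dns-message",
                          "Accept": "application/dns-message"})
    resp = conn.getresponse()
    body = resp.read()
    conn.close()
    if resp.status != 200:
        raise RuntimeError(f"DoH resolver returned HTTP {resp.status}")
    return body  # wire-format DNS response, same format as a UDP/TCP reply


def dot_frame(query):
    """DoT (RFC 7858) reuses DNS-over-TCP framing: 2-byte big-endian length prefix."""
    return struct.pack("!H", len(query)) + query


def dot_resolve(resolver, query):
    """DoT: send the length-prefixed query over TLS on port 853, read one reply."""
    ctx = ssl.create_default_context()  # verifies certificate chain and hostname
    with socket.create_connection((resolver, 853), timeout=5) as raw, \
            ctx.wrap_socket(raw, server_hostname=resolver) as tls:
        tls.sendall(dot_frame(query))
        reader = tls.makefile("rb")          # buffered reads of exactly n bytes
        (length,) = struct.unpack("!H", reader.read(2))
        return reader.read(length)


if __name__ == "__main__":
    # Replace with a real DoH/DoT resolver hostname before running against the network.
    RESOLVER = "resolver.example"  # placeholder, assumed
    q = build_query("example.com")
    print("DoH POST body:", q.hex())
    print("DoT frame    :", dot_frame(q).hex())
```

Both functions return the same wire-format response, so one response parser serves either transport.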