
For an expert review of this topic, the recommended reading is DNS Privacy Considerations.

The solution?

For a full discussion of the options available please see DNS Privacy - The Solutions.

One proposed solution is to change DNS to use TLS to send queries. TLS is an encrypted protocol (it is the same transport used for HTTPS) which prevents passive surveillance of the network from revealing users' DNS queries. It also allows users to validate the server they choose for their DNS service, so they can be sure they are using a provider with a good privacy policy for how it handles user data. However, this is a non-trivial change in the way DNS works and will not happen overnight.

At the moment several experimental DNS servers and two major operators support DNS-over-TLS. (Many users have resorted to using Google Public DNS to bypass their local ISP for censorship/surveillance reasons, but sadly it doesn't support DNS-over-TLS yet.) No desktop operating systems natively support DNS-over-TLS as a built-in option yet, but Android does. Several options are available though; see Clients (e.g. Stubby) for end-user software that will enable them to choose to use DNS-over-TLS and to select the specific DNS server they want to use.
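As an added illustration (not code from the original page, nor from Stubby or any other client it mentions), here is a minimal Python DNS-over-TLS stub client showing the two pieces described above: the query travels inside TLS on port 853 using the same 2-byte length framing DNS already uses over TCP, and the resolver is authenticated by its certificate against the name the user configured. The resolver address and its authentication domain name are caller-supplied parameters; the wire-format helpers run offline, while query_over_tls needs a reachable resolver.

```python
import socket
import ssl
import struct

def build_query(qname, qtype=1, txid=0x1234):
    """Minimal DNS query (RFC 1035): RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + name + struct.pack("!HH", qtype, 1)

def frame_for_tls(msg):
    """DNS-over-TLS reuses DNS-over-TCP framing: a 2-byte big-endian length prefix."""
    return struct.pack("!H", len(msg)) + msg

def unframe(data):
    """Strip the length prefix, rejecting truncated frames instead of parsing garbage."""
    if len(data) < 2:
        raise ValueError("short frame")
    (length,) = struct.unpack("!H", data[:2])
    if len(data) < 2 + length:
        raise ValueError("truncated DNS message")
    return data[2:2 + length]

def parse_header(msg):
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"txid": txid, "rcode": flags & 0x000F, "ancount": an}

def make_dot_context():
    """Verify the resolver's certificate chain and name; no cleartext fallback."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def query_over_tls(server_ip, auth_domain_name, qname, qtype=1):
    """Send one query to server_ip over TLS, authenticating it as auth_domain_name."""
    query = build_query(qname, qtype)
    ctx = make_dot_context()
    with socket.create_connection((server_ip, 853), timeout=5) as raw:  # RFC 7858 port
        with ctx.wrap_socket(raw, server_hostname=auth_domain_name) as tls:
            tls.sendall(frame_for_tls(query))
            with tls.makefile("rb") as stream:
                prefix = stream.read(2)
                data = prefix + stream.read(int.from_bytes(prefix, "big"))
    reply = parse_header(unframe(data))
    if reply["txid"] != parse_header(query)["txid"]:
        raise ValueError("reply transaction ID does not match the query")
    return reply
```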

Active work is also underway at the IETF on DNS-over-HTTPS (DoH), but today the only method standardized by the IETF is DNS-over-TLS.