Google this week announced that Google Public DNS is now using TLS protocol, a standard way to provide security and privacy for DNS traffic between users and their resolvers. Google says that now users can secure their connections to Google Public DNS with TLS, the same technology that protects their HTTPS web connections.
Cloudflare, last year in April, launched a public DNS-over-TLS. According to DNSPerf, it is faster than Google DNS. Clouflare is also available in iOS and Android.
Here the results for the last 30 days:
According to Marshall Vale, Product Manager and Puneet Sood, Software Engineer, Google implemented the DNS-over-TLS specification along with the RFC 7766 recommendations to minimize the overhead of using TLS. These include support for TLS 1.3, TCP fast open, and pipelining of multiple queries and out-of-order responses over a single connection.
What is the DNS-over-TLS?
A DNS resolver converts Internet domain names like http://www.google.com into Internet addresses needed by an email application or web browser. According to Google, just as your search queries can expose sensitive information, the domains you lookup via DNS can also be sensitive.
By using a DNS-over-TLS, users can secure queries between their devices and Google Public DNS with DNS-over-TLS, preserving their privacy and integrity.