How DNS over TLS works

DNS over TLS is one of the many security protocols that allow us to encrypt the queries we make when browsing the Internet. This prevents the DNS requests that we make when we enter a web page from being filtered and even Man in the Middle attacks from appearing. Let’s talk about how it works and why it is so important today. We will also see what its positive points are and what problems there could be.

What is DNS over TLS

First you have to explain how the domain name system or DNS works. This is very important when we surf the Internet, since it is what allows us to put any name of a website and be able to access the page without further ado. For example, to enter RedesZone we can put in the browser and it will show us our site.

What DNS does is “translate” that domain name that we put by the corresponding IP address. In this way, it sends a request and returns us the RedesZone page or the one we want to visit, without having to know what the IP is . Logically this makes navigation much easier, since we will not have to remember numbers without much sense, but simply know the domain name.

So what does DNS over TLS mean ? What this protocol does is encrypt that request when browsing. That is, when we try to open a page we are going to send information, which is basically the request to enter that site. Let’s say we are using a computer, we want to enter RedesZone and we put the URL in the browser. We are sending a request between a client (our computer) and a server (the destination of the page). But of course, that goes unencrypted and a third party could intercept that request and know which website we are trying to access.

DNS over TLS or also known as DNS over TLS or DoT , encrypts that request and would not be available to a third party. That is, it will travel from the client to the server in a fully encrypted way using TLS. This is what will prevent security and privacy issues.

How DNS over TLS works

This protocol is based on TLS, which is transport layer security . This is not something recent, since it was originally defined in 1999 to improve the existing SSL protocol. However, over the years it has been improving and new versions have appeared. Currently the most recent is TLS 1.3.

What TLS does is encrypt everything we send as if it were a tunnel. Therefore, DNS over TLS means that that request for domain names that is sent, travels in an encrypted form without being able to be filtered and a third party can see the content. This is the same protocol that HTTPS sites use to encrypt communications.

Specifically, it works at the top layer of the TCP / IP protocol stack. Now, for it to work properly it is important that there is compatibility. It is necessary that both the client and the server are compatible with this protocol. For example the browser we use or the operating system. Today the vast majority are.

Not all DNS servers are supported

Keep in mind that, although the number is increasing, not all DNS servers are compatible with this protocol, which provides greater privacy and security. Therefore, if we want to take advantage of DNS over TLS, we must choose correctly which one we are going to use and make sure it is compatible.

Some of the most popular such as Google DNS, Cloudflare or Quad9 do support this protocol. Specifically, for those who want to configure them, they would be the following.

  • Google : and for IPv4 addresses and 2001: 4860: 4860 :: 8888 and 2001: 4860: 4860 :: 8844 for IPv6 addresses.
  • Cloudflare : and for IPv4 and 2606 addresses: 4700: 4700 :: 1111 and 2606: 4700: 4700 :: 1001 for IPv6.
  • Quad9 : for IPv4 addresses and 2620: fe :: fe and 2620: fe :: 9 for IPv6 addresses.
  • OpenDNS : and for IPv4 and 2620 addresses: 119: 35 :: 35. And 2620: 119: 53 :: 53 for IPv6 servers.

Therefore, if we want to take advantage of the benefits of the DNS protocol through TLS, we must make use of servers like these that we have mentioned. We can always consult this information when we decide to configure some of them on our computer or mobile to surf the Internet.

Advantages and disadvantages of using DNS over TLS

So how exactly does DNS over TLS help us? What improvements can we find? We are going to summarize the main ones, to be able to identify to what extent using this protocol can be useful. We will also see some negative aspects that could affect or at least generate certain problems on certain occasions.


  • Privacy enhancement – One of the main benefits is privacy. The data we send will be encrypted and any possible intruder would not be able to access it, even if they had access to it.
  • Avoid Attacks : Also avoid Man in the Middle attacks. Thanks to DNS over TLS we are going to prevent DNS requests from being intercepted and manipulating them so that we enter dangerous sites where we can steal passwords or any attack.
  • Easy to use : Another advantage is that it is easy to use. As long as we use a compatible program and device, we will not have to do anything else.


  • Higher latency : one of the negative points is that when using this protocol the latency may increase slightly.
  • Incompatibility issues : you also have to take into account what we mentioned before that not all DNS servers are compatible. Although little by little the amount is increasing, we must always know which ones are compatible.
  • Errors if a website is not found : as the request is encrypted, if we try to enter a website and it does not respond, an error will appear.

In short, DNS over TLS is yet another of the protocols that help surf the Internet and always keep security and privacy in mind. Protecting data, preventing information from being leaked or having problems in the form of malware, is essential. We have seen that it has clear advantages, although there may be certain negative points as well.


Leave a Comment