What is DNS over TLS?
A protocol that encrypts DNS queries using TLS, preventing ISPs and network observers from seeing which websites you're looking up.
DNS over TLS (DoT) wraps DNS queries in a TLS connection, encrypting them in transit. It serves the same purpose as DNS over HTTPS but uses a dedicated port (853). Note that encryption only protects the path between you and the resolver: the resolver you choose still sees every query, so the provider matters.
How It Differs from DoH
- DoT uses port 853, so network admins can see that you're using encrypted DNS (though not what you're looking up)
- DoH uses port 443 (the same port as HTTPS), so encrypted DNS looks like normal web traffic
- DoT is easier to block (drop port 853); DoH is harder to distinguish from regular browsing
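To make the "wraps DNS queries in a TLS connection" point concrete, here is an added example (written for this entry, not code from the page or from any resolver provider) of the pieces a DoT client needs: a wire-format DNS query, the 2-byte length framing that DoT borrows from DNS-over-TCP, a response parser, and a TLS session to port 853 in which the resolver's certificate is checked against its hostname. The resolver address 1.1.1.1 is from the page; the hostname one.one.one.one and the sample reply for example.com (192.0.2.1, from the TEST-NET-1 documentation range) are assumptions constructed for the illustration. Everything except the optional live query runs offline.

```python
"""Minimal DNS-over-TLS (RFC 7858) client pieces. Added illustration, not the
page's code. The live query (dot_query) assumes the Cloudflare DoT resolver
1.1.1.1 with hostname one.one.one.one; all other functions run offline."""
import socket
import ssl
import struct

DOT_PORT = 853  # dedicated DoT port (RFC 7858); DoH uses 443 instead


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Encode a single-question DNS query in wire format (RFC 1035)."""
    # flags 0x0100 = RD (recursion desired); QDCOUNT = 1
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def frame(msg: bytes) -> bytes:
    """DoT reuses DNS-over-TCP framing: a 2-byte big-endian length prefix."""
    return struct.pack("!H", len(msg)) + msg


def unframe(stream: bytes) -> tuple[bytes, bytes]:
    """Split the first length-prefixed message off a byte stream -> (msg, rest)."""
    if len(stream) < 2:
        raise ValueError("need 2-byte length prefix")
    (length,) = struct.unpack("!H", stream[:2])
    if len(stream) < 2 + length:
        raise ValueError("truncated DNS message")
    return stream[2:2 + length], stream[2 + length:]


def _skip_name(msg: bytes, off: int) -> int:
    """Advance past a (possibly compressed) domain name and return the new offset."""
    while True:
        ln = msg[off]
        if ln == 0:
            return off + 1
        if ln & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + ln


def parse_a_records(msg: bytes, expected_txid: int) -> list[str]:
    """Return the IPv4 addresses in a response; reject mismatched ids and errors."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs


def constructed_response(txid: int = 0x1234) -> bytes:
    """Hand-built reply (constructed sample, not a capture): example.com -> 192.0.2.1."""
    question = build_query("example.com", txid=txid)[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return header + question + answer


def dot_query(name: str, resolver_ip: str = "1.1.1.1",
              resolver_hostname: str = "one.one.one.one") -> list[str]:
    """Resolve `name` over DoT (needs network). The TLS handshake verifies the
    resolver's certificate chain and hostname, which is what prevents an on-path
    device from answering in the resolver's place; plain port-53 DNS has no such check."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    txid = 0x4242
    with socket.create_connection((resolver_ip, DOT_PORT), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=resolver_hostname) as tls:
            tls.sendall(frame(build_query(name, txid=txid)))
            buf = b""
            while True:
                chunk = tls.recv(4096)
                if not chunk:
                    raise ConnectionError("resolver closed the connection")
                buf += chunk
                try:
                    msg, _rest = unframe(buf)
                    break
                except ValueError:
                    continue  # wait for the rest of the framed message
    return parse_a_records(msg, txid)
```

The framing and parsing run on the constructed bytes; `dot_query("example.com")` performs a real lookup and fails loudly if the resolver's certificate does not match the expected hostname, which is the property that distinguishes DoT from unencrypted DNS on port 53.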
Providers
- Cloudflare (1.1.1.1)
- Quad9 (9.9.9.9)
- Google (8.8.8.8)
- NextDNS (custom filtering)
Setup
- Android 9+: Settings > Network > Private DNS
- Linux: systemd-resolved supports DoT natively (DNSOverTLS=yes in resolved.conf)
- Router-level: Some routers support DoT configuration
Related Terms
DNS Leak
A security flaw where DNS queries bypass your VPN or proxy and are sent through your normal ISP connection, revealing the websites you visit even when your other traffic is protected.
DNS over HTTPS
A protocol for performing DNS resolution via the HTTPS protocol. It encrypts DNS queries, preventing ISPs, network administrators, and attackers from seeing which websites you're trying to visit.
TLS
Transport Layer Security is a cryptographic protocol designed to provide secure communication over a computer network. TLS encrypts the connection between your browser and web servers, ensuring privacy and data integrity. It's the technology behind HTTPS.