DNS over TLS
DNS over TLS: By default, DNS queries and answers travel in plaintext (UDP or TCP port 53), so anyone on the path can read or alter them. DNS over TLS (DoT, RFC 7858) wraps Domain Name System (DNS) messages in a Transport Layer Security (TLS) session, by default on TCP port 853. The goal is to increase user privacy and security by preventing eavesdropping on, and on-path (man-in-the-middle) manipulation of, DNS data between the resolver and the server it talks to. DoT protects the transport, not the content: the server at the far end still sees every query, and an observer can still tell that encrypted DNS traffic is flowing to port 853.

▪ The DNS resolver stores, ahead of time and out of band, a base64-encoded SHA-256 hash (a pin) of the TLS certificate of (local).
▪ The DNS resolver establishes a TCP connection to (local) (by default on port 853).
▪ The DNS resolver initiates a TLS handshake.
▪ In the TLS handshake, (local) presents its TLS certificate; the resolver hashes it, compares the result with the stored pin, and aborts the session if they differ.
▪ Once the TLS connection is established, the DNS resolver sends DNS messages (each prefixed with a two-byte length, as for DNS over TCP) over the encrypted connection, preventing eavesdropping and tampering.
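The steps above, as an added example in Python (standard library only; this is not code from the original page or from any product it describes). The wire-format helpers and the pin check run offline against constructed data; dot_query() performs the real exchange only when pointed at a DoT server. The server name, the expected pin, the pinned-certificate form (whole DER certificate, as the text describes; RFC 7858 pins the SubjectPublicKeyInfo instead) and the sample response bytes are all assumptions made here.

```python
"""Added example: a minimal DNS-over-TLS (RFC 7858) client with certificate pinning.

Assumptions (not from the original page): the pin covers the whole DER
certificate, the server listens on TCP 853, and CONSTRUCTED_RESPONSE is a
hand-built answer for 'example.com' used to exercise the parser offline.
"""
import base64
import hashlib
import hmac
import socket
import ssl
import struct

DOT_PORT = 853   # default DNS-over-TLS port (RFC 7858)
QTYPE_A = 1
QCLASS_IN = 1


def certificate_pin(cert_der: bytes) -> str:
    """base64(SHA-256(DER certificate)): the stored pin the text describes."""
    return base64.b64encode(hashlib.sha256(cert_der).digest()).decode("ascii")


def pin_matches(cert_der: bytes, expected_pin: str) -> bool:
    """Compare the presented certificate against the stored pin in constant time."""
    return hmac.compare_digest(certificate_pin(cert_der), expected_pin)


def build_query(name: str, txid: int, qtype: int = QTYPE_A) -> bytes:
    """Encode a standard recursive (RD=1) query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, QCLASS_IN)


def frame(message: bytes) -> bytes:
    """DNS over TCP/TLS prefixes every message with a 2-byte big-endian length."""
    return struct.pack("!H", len(message)) + message


def _skip_name(data: bytes, offset: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:       # compression pointer: 2 bytes, ends the name
            return offset + 2
        offset += 1 + length


def parse_a_records(response: bytes, expected_txid: int) -> list:
    """Return IPv4 addresses from the answer section after checking txid and RCODE."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0xF))
    offset = 12
    for _ in range(qdcount):
        offset = _skip_name(response, offset) + 4      # skip QTYPE + QCLASS
    addresses = []
    for _ in range(ancount):
        offset = _skip_name(response, offset)
        rtype, _, _, rdlength = struct.unpack("!HHIH", response[offset:offset + 10])
        offset += 10
        if rtype == QTYPE_A and rdlength == 4:
            addresses.append(socket.inet_ntoa(response[offset:offset + 4]))
        offset += rdlength
    return addresses


def _read_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def dot_query(server: str, expected_pin: str, name: str, port: int = DOT_PORT) -> list:
    """Resolve `name` over TLS to `server`, refusing any certificate that is not pinned.

    CA validation and hostname checking stay on; the pin is an additional check.
    """
    ctx = ssl.create_default_context()
    txid = 0x1234
    with socket.create_connection((server, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=server) as tls:
            cert_der = tls.getpeercert(binary_form=True)
            if not pin_matches(cert_der, expected_pin):
                raise ssl.SSLError("presented certificate does not match the stored pin")
            tls.sendall(frame(build_query(name, txid)))
            length = struct.unpack("!H", _read_exact(tls, 2))[0]
            return parse_a_records(_read_exact(tls, length), txid)


# Constructed sample: a response to build_query("example.com", 0x1234)
# answering A 192.0.2.1 (TTL 3600), with the answer name compressed to the question.
CONSTRUCTED_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"   # header: id, flags, counts
    b"\x07example\x03com\x00\x00\x01\x00\x01"             # question: example.com A IN
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04"   # answer RR header
    b"\xc0\x00\x02\x01"                                    # rdata: 192.0.2.1
)
```

Usage: compute the pin once from a certificate obtained out of band (certificate_pin(open("server.der", "rb").read())), store it, and call dot_query("dot.example", stored_pin, "example.com"). A mismatch aborts before any DNS message is sent, which is the point of storing the hash in the first step.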
