We’ve added support for DNS-over-TLS (DoT) and DNS-over-QUIC (DoQ) to our Primary DNS and Secondary DNS services.
DNS-over-TLS uses TCP port 853. It wraps DNS queries and answers in a TLS session, encrypting them in transit. The goal is to improve user privacy and security: an on-path attacker can neither read the queries nor alter the answers in a man-in-the-middle attack, provided the client validates the server's certificate rather than accepting any TLS endpoint.
DNS-over-QUIC uses UDP port 853. It has privacy properties similar to DNS-over-TLS but runs over the QUIC transport protocol. QUIC cuts connection setup to a single round trip (1-RTT), or none at all for resumed sessions (0-RTT), and because each query travels on its own QUIC stream, a lost packet delays only that query instead of blocking every query behind it, as TCP's in-order delivery does. One caveat: 0-RTT data can be replayed by an attacker, so it is only appropriate for queries whose repetition is harmless.
We are using dnsdist to serve these new query methods alongside standard DNS.
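To make the two transports above concrete, here is an added example (not code from this announcement or from dnsdist) that builds the wire format both methods share. DoT (RFC 7858) and DoQ (RFC 9250) carry ordinary DNS messages behind a 2-octet length prefix, the same framing DNS already uses over TCP; DoQ additionally requires the DNS Message ID to be zero, since the QUIC stream, not the ID, ties an answer to its query. The `query_dot` function performs a real DoT lookup with certificate and hostname verification, which is the step that actually defeats the on-path manipulation described above. The server address and hostname it uses are placeholders, not a real endpoint.

```python
"""Wire-level helpers for DNS-over-TLS and DNS-over-QUIC queries.

Added example, not part of the original announcement or of dnsdist.
The endpoint names used at the bottom are placeholders (assumptions).
"""
from __future__ import annotations

import secrets
import socket
import ssl
import struct

DNS_ENCRYPTED_PORT = 853  # TCP for DoT (RFC 7858), UDP for DoQ (RFC 9250)
QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a domain name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = QTYPE_A, msg_id: int | None = None) -> bytes:
    """Build a minimal recursive DNS query: 12-byte header plus one question."""
    if msg_id is None:
        msg_id = secrets.randbelow(1 << 16)  # unpredictable ID for plain UDP/TCP DNS
    header = struct.pack(">HHHHHH", msg_id,
                         0x0100,      # flags: QR=0 (query), RD=1 (recursion desired)
                         1, 0, 0, 0)  # QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT
    return header + encode_name(name) + struct.pack(">HH", qtype, QCLASS_IN)


def frame(message: bytes) -> bytes:
    """Prefix a DNS message with its 2-octet big-endian length.

    DoT and DoQ reuse the DNS-over-TCP framing, so message boundaries are
    unambiguous inside a TLS byte stream or a QUIC stream.
    """
    if len(message) > 0xFFFF:
        raise ValueError("DNS message exceeds 65535 octets")
    return struct.pack(">H", len(message)) + message


def unframe(buf: bytes) -> tuple[list[bytes], bytes]:
    """Split a stream buffer into complete messages; return (messages, leftover).

    TLS delivers a byte stream: one read may hold half a message or several,
    so callers keep the leftover and call again after the next read.
    """
    messages = []
    while len(buf) >= 2:
        (length,) = struct.unpack(">H", buf[:2])
        if len(buf) < 2 + length:
            break
        messages.append(buf[2:2 + length])
        buf = buf[2 + length:]
    return messages, buf


def build_doq_query(name: str, qtype: int = QTYPE_A) -> bytes:
    """Frame a query for DoQ: RFC 9250 requires Message ID 0 (one query per
    QUIC stream, the stream matches answer to query) and keeps the length prefix."""
    return frame(build_query(name, qtype, msg_id=0))


def query_dot(server: str, server_hostname: str, name: str, timeout: float = 5.0) -> bytes:
    """Send one query over DoT and return the raw DNS answer.

    ssl.create_default_context() verifies the certificate chain against the
    system trust store and checks the hostname; without that check an attacker
    on the path could terminate TLS themselves and rewrite the answers.
    """
    query = build_query(name)
    ctx = ssl.create_default_context()
    with socket.create_connection((server, DNS_ENCRYPTED_PORT), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_hostname) as tls:
            tls.sendall(frame(query))
            buf = b""
            while True:
                chunk = tls.recv(4096)
                if not chunk:
                    raise ConnectionError("server closed the connection before answering")
                buf += chunk
                messages, buf = unframe(buf)
                if messages:
                    answer = messages[0]
                    if answer[:2] != query[:2]:
                        raise ValueError("answer ID does not match query ID")
                    return answer


if __name__ == "__main__":
    # Placeholder endpoint (assumption); substitute the real DoT resolver.
    answer = query_dot("dot.example.invalid", "dot.example.invalid", "example.com")
    print(len(answer), "bytes,", struct.unpack(">H", answer[6:8])[0], "answer records")
```

The same `frame`/`unframe` pair applies unchanged to a DoQ stream; only the transport and the zero Message ID differ, which is why dnsdist can front one standard DNS backend with both.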
