TLS comes to Google public DNS with support for DNS-over-TLS connections

In a blog post yesterday, Google announced that their public DNS will now support transport layer security (TLS).

Google DNS

Google’s public Domain Name Service (DNS) is the world’s largest address resolver. The service allows anyone using it to convert a human readable domain name into addresses used by browsers. Similar to search results, domains visited by DNS can also expose sensitive information. With DNS-over-TLS, users can add security to queries between devices and Google public DNS.

Google DNS-over-TLS

The need for security from forged websites and surveillance has grown over the years. The DNS-over-TLS protocol used contains a standard way to secure and maintain privacy of DNS traffic between users and the resolvers. Users can secure connections to Google Public DNS with TLS. It is the same technology that makes HTTPS connections secure.

The DNS-over-LTS specifications are implemented according to the RFC 7766 recommendations. Doing so minimizes the overhead of using TLS, supports TLS 1.3, TCP fast open, and pipelining multiple queries over a single connection. This is deployed Google’s own infrastructure which they claim provides reliable and scalable management for the DNS-over-TLS connections.

Enabling DNS-over-TLS connections

DNS-over-TLS can be used by Android 9 pie users. Linux users can use the stubby resolver to communicate with the DNS-over-TLS service. You can create an issue if you are facing one.

A comment from Hacker news says: “This is a DNS provided by Google, a company that earns money by analysing user data. If you want privacy, run your own DNS.”

But Google has stated in their guides that they do not store any personally identifiable information long term.

Cloudflare’s 1.1.1.1 DNS service is now available as a mobile app for iOS and Andro

Root Zone KSK (Key Sign Key) Rollover to resolve DNS queries was successfully completed

Mozilla’s new Firefox DNS security updates spark privacy hue and cry