CyberTech

Google announced that their public Domain Name System (DNS) service now comes with support for the DNS-over-TLS security protocol which wraps DNS queries and answers using the Transport Layer Security (TLS) protocol.

DNS resolvers work tirelessly in the background to convert domain names such as google.com into the corresponding IP addresses that web browsers use to connect to a website's web server.

DNS-over-TLS protects DNS resolvers and the people who use them against man-in-the-middle attacks, in which a third party eavesdrops on Internet connections or manipulates DNS data with malicious intent.

The DNS-over-TLS protocol specifies a standard way to provide security and privacy for DNS traffic between users and their resolvers. Now users can secure their connections to Google Public DNS with TLS, the same technology that protects their HTTPS web connections.

The just-upgraded Google Public DNS was launched on December 3, 2009, and has become the world's most used DNS resolver, with "400 billion responses per day and more than 50% of them are location-sensitive."

DNS-over-TLS available for Android 9 Pie users starting today

Google is the fifth entity to add DNS-over-TLS support to its public DNS resolver service; Cloudflare, CleanBrowsing, Quadrant Information Security, and Quad9 were the first companies to do it.

The search giant has implemented the DNS-over-TLS specification using IETF's RFC 7766 recommendations to "minimize the overhead of using TLS."

As a direct consequence, Google's DNS-over-TLS implementation supports pipelining of multiple queries and out-of-order responses over a single connection to its public DNS server, as well as TLS 1.3, which provides improved security and faster connections.

According to Google's announcement, DNS-over-TLS is available for Android 9 Pie users starting today.

Android 9 (Pie) device users can use DNS-over-TLS today. For configuration instructions for Android and other systems, please see the documentation. Advanced Linux users can use the stubby resolver from dnsprivacy.org to talk to Google’s DNS-over-TLS service.
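
The pipelining and out-of-order responses mentioned above can be illustrated offline. This is an added example, not code from Google or from the article: it frames several DNS queries with the two-byte length prefix used on stream transports, then reassembles responses that arrive in a different order and in arbitrary chunks, pairing each with its query by message ID and rejecting anything unsolicited. The function and class names, query IDs and sample responses are constructed for illustration.

```python
import struct

def build_query(qid, name, qtype=1):
    """Encode a minimal DNS query: RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame(msg):
    """Prefix a DNS message with its two-byte length (stream transport framing)."""
    return struct.pack("!H", len(msg)) + msg

def fake_response(query):
    """Constructed sample reply: the query echoed with QR, RD and RA set."""
    return query[:2] + struct.pack("!H", 0x8180) + query[4:]

class Demux:
    """Reassemble framed responses and pair each with its pending query by ID."""
    def __init__(self, pending):
        self.pending = dict(pending)  # query ID -> name still awaiting an answer
        self.buf = b""

    def feed(self, data):
        """Consume bytes as read from the connection; return completed (name, msg) pairs."""
        self.buf += data
        done = []
        while len(self.buf) >= 2:
            (length,) = struct.unpack("!H", self.buf[:2])
            if len(self.buf) < 2 + length:
                break  # partial message: wait for more bytes
            msg, self.buf = self.buf[2:2 + length], self.buf[2 + length:]
            if length < 12:
                raise ValueError("message shorter than a DNS header")
            qid, flags = struct.unpack("!HH", msg[:4])
            if not flags & 0x8000 or qid not in self.pending:
                raise ValueError(f"unsolicited message, id {qid:#06x}")
            done.append((self.pending.pop(qid), msg))
        return done

def demo():
    names = {0x1A01: "example.com", 0x1A02: "example.net", 0x1A03: "example.org"}
    queries = {qid: build_query(qid, n) for qid, n in names.items()}
    wire = b"".join(frame(q) for q in queries.values())  # written back-to-back
    # Constructed reply stream: answers come back in a different order.
    stream = b"".join(frame(fake_response(queries[q])) for q in (0x1A03, 0x1A01, 0x1A02))
    demux, order = Demux(names), []
    for chunk in (stream[:7], stream[7:40], stream[40:]):  # arbitrary read sizes
        order += [name for name, _ in demux.feed(chunk)]
    return len(wire), order, demux.pending
```

On a real connection the `wire` bytes would be written to a TLS socket and `feed()` would be called with whatever each read returns.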