DNS over TLS
DigitalStakeout PDNS supports DNS over TLS (DoT) by default; DoT is being widely adopted as a standard for securing DNS traffic.
DNS over TLS (DoT) Support
DNS over TLS (DoT) is a technique that encrypts the communications between a DNS client and a DNS resolver using the Transport Layer Security (TLS) protocol. It aims to enhance the privacy and security of the Domain Name System (DNS) by encrypting the traffic between the client and the server.
In traditional DNS, client requests and server responses are transmitted in plaintext, making them vulnerable to eavesdropping, tampering and censorship. This means that an attacker can intercept and read the queries and answers, potentially gaining sensitive information about a user's browsing history. Additionally, this can also be used to perform Man-in-the-Middle (MitM) attacks, where the attacker can modify the answers to redirect the user to a malicious site.
DNS over TLS (DoT) encrypts DNS requests and responses by wrapping them in a secure, encrypted connection that uses the same TLS protocol as HTTPS. This makes it much more difficult for an attacker to intercept and read the traffic, and helps to protect sensitive information from being exposed.
To establish a secure DoT session, the client and the server must negotiate cryptographic parameters, such as the cipher suite, and the server must present a certificate that the client validates.
To use DoT, both the client and the server must support it. The client needs to run software that supports DoT, and the DNS resolver needs to support DoT as well and be configured to accept DoT connections.
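The following is an added example, not DigitalStakeout's code, showing the client side of the exchange described above with only the Python standard library: a DNS query is encoded in wire format, the connection is made on port 853 (the port RFC 7858 assigns to DoT), the TLS layer validates the resolver's certificate chain and hostname so a man-in-the-middle cannot answer in the resolver's place, and the query is framed with the same two-byte length prefix that DNS over TCP uses. The resolver address `RESOLVER_IP` and certificate name `RESOLVER_NAME` are placeholders you replace with your own resolver's values; the response bytes used in the parsing check are constructed.

```python
"""Minimal DNS over TLS (DoT) client, standard library only (added example)."""
import secrets
import socket
import ssl
import struct
from typing import List, Optional

DOT_PORT = 853                       # IANA-assigned port for DNS over TLS (RFC 7858)
RESOLVER_IP = "192.0.2.53"           # placeholder: your DoT resolver's IP address
RESOLVER_NAME = "dot.resolver.example"  # placeholder: hostname on the resolver's certificate


def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """Encode a single-question DNS query in RFC 1035 wire format (qtype 1 = A)."""
    if txid is None:
        txid = secrets.randbelow(65536)  # random transaction id, checked on the reply
    # header: id, flags (RD=1), qdcount=1, ancount=0, nscount=0, arcount=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        struct.pack("B", len(label)) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS IN


def _skip_name(data: bytes, offset: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:        # compression pointer: two bytes, ends the name
            return offset + 2
        offset += 1 + length


def parse_a_records(response: bytes, expected_txid: int) -> List[str]:
    """Return the IPv4 addresses in the answer section, rejecting mismatched ids."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("message is not a response")
    rcode = flags & 0x000F
    if rcode != 0:
        raise ValueError(f"resolver returned RCODE {rcode}")
    offset = 12
    for _ in range(qdcount):                       # skip echoed question(s)
        offset = _skip_name(response, offset) + 4  # QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        offset = _skip_name(response, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", response[offset:offset + 10])
        offset += 10
        rdata = response[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(rdata))
    return addrs


def _recv_exact(sock: ssl.SSLSocket, n: int) -> bytes:
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed before the full message arrived")
        buf += chunk
    return buf


def resolve_over_tls(name: str, server_ip: str = RESOLVER_IP,
                     server_name: str = RESOLVER_NAME, port: int = DOT_PORT,
                     timeout: float = 5.0) -> List[str]:
    """Send one A query over TLS and return the answer's IPv4 addresses."""
    ctx = ssl.create_default_context()            # verifies chain against system trust store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy TLS versions
    txid = secrets.randbelow(65536)
    query = build_query(name, txid=txid)
    with socket.create_connection((server_ip, port), timeout=timeout) as raw:
        # server_hostname enables hostname checking against the certificate
        with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
            tls.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length framing
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            return parse_a_records(_recv_exact(tls, length), txid)


if __name__ == "__main__":
    print(resolve_over_tls("example.com"))
```

If the resolver's certificate does not chain to a trusted root, or its name does not match `server_name`, `wrap_socket` raises `ssl.SSLCertVerificationError` before any DNS data is exchanged; that failure is the expected behaviour under a downgrade or interception attempt and should be surfaced rather than caught and ignored.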