Almost every activity on the Internet starts with a DNS query, a key function of the Internet that works as an Internet’s directory where your device looks up for the server IP addresses after you enter a human-readable web address (e.g., thehackernews.com).
Since DNS queries are sent in clear text over UDP or TCP without encryption, the information can reveal not only what websites an individual visits but is also vulnerable to spoofing attacks.
To address these problems, Google announced Wednesday that its Public DNS (Domain Name System) service finally supports DNS-over-TLS security protocol, which means that the DNS queries and responses will be communicated over TLS-encrypted TCP connections.
The DNS-over-TLS has been designed to make it harder for man-in-the-middle attackers to manipulate the DNS query or eavesdrop on your Internet connection.
Launched over eight years ago, Google Public DNS, at IP addresses 220.127.116.11 and 18.104.22.168, is world’s largest public Domain Name Service recursive resolver that most people prefer instead of using default DNS services from their ISPs or carriers.
The search engine giant also says that it implemented the DNS-over-TLS specification along with the RFC 7766 recommendations to minimize the overhead of using TLS, which include support for:
- TLS 1.3 for improved security and faster connections
- TCP fast open
- Pipelining of multiple queries
- Out-of-order responses over a single connection to its public DNS server