Secure DNS requests (DoT) to our resolver have been implemented using TLS encryption. This provides a layer of additional security (and privacy) for DNS requests in order to prevent eavesdropping and man-in-the-middle attacks.
Typically the Domain Name System (DNS) responsible for resolving domains and hostnames in e.g. URLs and translating them to IP addresses uses the UDP protocol and plain text.
This means anything between a device opening an URL or connecting to a specific service can be analyzed – or worse – someone could try to impersonate the server and return malicious replies.
The features requires a local client with DNS over TLS (DoT) support. Alternatively a local resolver such as unbound can be used to connect to our resolver.