LARUS Foundation

What Is DNS Encryption? Benefits and How to Check

Updated: Mar 22

1. Shielding Your Online Secrets: The Marvels of DNS Encryption

In the vast realm of the internet, where every website has its unique address, there's a behind-the-scenes hero called DNS (Domain Name System).


DNS acts like an address book, helping your computer find the right website when you type in something like "cloudflare.com" in your browser. But here's the catch: these address lookups, known as DNS queries, are usually like open letters that anyone can read or tamper with.


Picture this: you're at a coffee shop, connecting to their Wi-Fi, and you decide to check out the latest tweets on Twitter. Little do you know, someone could be peeking into your online journey by snooping on these DNS queries. Unencrypted DNS, as it's been since 1987, leaves your online activities exposed to prying eyes.


Now, enter the heroes of the story: DNS over TLS (DoT) and DNS over HTTPS (DoH), the encryption technologies that lock down your DNS queries, making them private and secure. Let's dive into how they work and why they're like the superheroes of your online privacy.


2. How Unencrypted DNS Leaves You Vulnerable

When you connect to a Wi-Fi network or use your home internet, your computer relies on a DNS resolver to translate website names into the IP addresses they live on. The problem is that this process is typically unprotected, like sending postcards with your secrets on them. Anyone on your Wi-Fi network, your internet service provider (ISP), or even sneaky hackers can see which websites you're visiting.


Imagine if you were sending a postcard to Twitter, and someone could peek at it and even change the message before it reached Twitter. That's what can happen with unencrypted DNS – it's like broadcasting your online adventures for everyone to see.

 

3. Enter the Superheroes: DoT and DoH

To save the day, two encryption methods emerged – DNS over TLS (DoT) and DNS over HTTPS (DoH). They both use Transport Layer Security (TLS), the same technology that secures your connections when you shop online or log into your email.


a) DNS over TLS (DoT)

It's like putting your DNS query inside a super-secure envelope. The client (that's you!) and the server (DNS resolver) do a secret handshake to ensure they are who they say they are. Once that's confirmed, your DNS query is sent in an encrypted package, keeping it safe from snoopers.

b) DNS over HTTPS (DoH)

Think of this as sending your DNS query in a special, secure box through the same route your browser uses for secure web connections. It's like the superhero version of your regular browsing, but for DNS.


4. Benefits of DNS Encryption

a) Privacy Protection

Encrypted DNS keeps your online activities private while your queries are in transit. No one between you and the DNS resolver can snoop on your DNS queries and find out which websites you're visiting.


b) Security Boost

It adds a layer of security, preventing hackers from tampering with or hijacking your DNS queries. This is especially crucial on public Wi-Fi networks, where cyber villains can easily eavesdrop on your online adventures.


c) Browsing Safely

Encrypting DNS helps prevent ISPs or on-path devices from interfering with your online activities. No one can redirect you to fake websites or modify your DNS traffic.


5. How to Check if You're Protected

a) Check Your DNS Resolver

Your device uses a DNS resolver to translate website names into IP addresses. You can change it to a more secure one, like Cloudflare's 1.1.1.1 or Google's 8.8.8.8, if your network allows it.


b) Use Encrypted DNS Services

Look for DNS services that support DoT or DoH. Major public resolvers like Cloudflare's 1.1.1.1 and Google DNS are on board, but not all ISPs have caught up yet.


c) Check Your Browser Settings

Some browsers, like Firefox, have options to enable DoH. It's like giving your browser a superhero cape to protect your DNS queries.
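
One way to run the checks in section 5 from a script, as an added example that is not part of the original article: the Python below builds a DNS query, shows how it is wrapped for DoT (length-prefixed, sent to TCP port 853) and for DoH (base64url in a ?dns= parameter), and confirms that a resolver answers over DoT with a certificate that validates. The TLS name one.one.one.one and the endpoint https://cloudflare-dns.com/dns-query are assumptions for Cloudflare's 1.1.1.1, and the function names are illustrative.

```python
import base64, socket, ssl, struct

def build_query(name, qtype=1, qid=0):
    """Encode one DNS question in RFC 1035 wire format (qtype 1 = A record)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD flag set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def dot_frame(msg):
    """DoT (RFC 7858) reuses DNS-over-TCP framing: a 2-byte length prefix."""
    return struct.pack("!H", len(msg)) + msg

def doh_get_url(msg, endpoint):
    """DoH GET (RFC 8484): base64url-encode the message, padding stripped."""
    return endpoint + "?dns=" + base64.urlsafe_b64encode(msg).rstrip(b"=").decode()

def summarize_response(msg):
    """Return (id, rcode, answer_count) from a DNS response header."""
    qid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:  # QR bit clear means this is a query, not a reply
        raise ValueError("not a DNS response")
    return qid, flags & 0x000F, ancount

def recv_exact(sock, n):
    """Read exactly n bytes; TLS records may split the reply."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the connection early")
        buf += chunk
    return buf

def check_dot(server_ip, tls_name, name="example.com", timeout=5):
    """Live check: (tls_version, rcode, answers) if the resolver answers over DoT."""
    ctx = ssl.create_default_context()  # validates the chain and the hostname
    with socket.create_connection((server_ip, 853), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=tls_name) as tls:
            tls.sendall(dot_frame(build_query(name)))
            (length,) = struct.unpack("!H", recv_exact(tls, 2))
            _, rcode, answers = summarize_response(recv_exact(tls, length))
            return tls.version(), rcode, answers

if __name__ == "__main__":
    # Assumed resolver identity: 1.1.1.1 presenting a certificate for one.one.one.one
    print(check_dot("1.1.1.1", "one.one.one.one"))
    print(doh_get_url(build_query("example.com"), "https://cloudflare-dns.com/dns-query"))
```

If check_dot raises ssl.SSLCertVerificationError or the connection to port 853 times out, the resolver is not offering DoT under that name on your network, and lookups sent to it on port 53 remain readable on the path.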


In a Nutshell

DNS encryption is your shield against prying eyes on the Internet. It's like sending your online postcards in invisible ink – only those with the right decryption key (you and the DNS resolver) can unveil the message.


So, make sure your online adventures are secured with DNS encryption because, in this digital world, every superhero needs a cape!
