A post on the official Google blog today announced that Google’s public DNS server now officially supports DNS-over-TLS encryption, giving users convenient access while protecting their privacy.
Google’s public DNS server is the world’s largest and most user-friendly public server, and it allows all users to resolve domain names for free. However, a user who reaches websites through a public DNS server may have their browsing records stolen; for example, operators can monitor the access traces.
We know that the HTTPS encryption protocol can effectively prevent man-in-the-middle attacks, and it can also prevent a middleman or operator from monitoring the user’s real-time access information. At present, many operators insert advertisements into the pages users access through traffic hijacking; web pages encrypted with HTTPS are not affected. In the DNS field, however, there was no encryption. Even if the web page is served over an HTTPS connection, the operator can still see the address of the website that the user browses.
DNS-over-TLS is TLS encryption designed specifically for DNS. It encrypts the entire process starting from the user, which prevents the operator from viewing the web address.
Google said that since the launch of its public DNS server eight years ago, the network environment has changed a lot, and users urgently need to protect their privacy. The mission of Google’s public DNS is to improve the security and accuracy of DNS for all users around the world, so Google DNS has begun to support DNS-over-TLS.
Currently, Google’s public DNS fully supports DNS-over-TLS encryption and minimizes the TLS overhead, including through support for TLS 1.3 and TCP Fast Open. Encryption has an impact on query speed, but after optimization the impact is very small, and most users will not notice the delay caused by encryption.
Google Public DNS addresses:
IPv4: 8.8.8.8 / 8.8.4.4
IPv6: 2001:4860:4860::8888 / 2001:4860:4860::8844