In a blog post yesterday, Google announced that its public DNS service now supports queries over Transport Layer Security (TLS).
Google Public DNS, Google’s public Domain Name System (DNS) service, is the world’s largest public address resolver. It lets anyone who uses it translate a human-readable domain name into the IP address a browser or other client actually connects to. Just as search queries can expose sensitive information, so can the domains a user looks up via DNS. With DNS-over-TLS, users can encrypt and authenticate the queries travelling between their devices and Google Public DNS.
The need to protect users from spoofed DNS answers (which can redirect them to forged websites) and from surveillance of their lookups has grown over the years. The DNS-over-TLS protocol provides a standard way to secure DNS traffic between users and resolvers and to keep it private. Users can now secure their connection to Google Public DNS with TLS, the same technology that secures HTTPS connections. Note what this covers: TLS protects the path between the device and the resolver, while the resolver itself still sees every query in the clear.
Google says it implemented the DNS-over-TLS specification (RFC 7858) along with the RFC 7766 recommendations for DNS over TCP, which minimize the overhead of using TLS: support for TLS 1.3, TCP Fast Open, and pipelining of multiple queries over a single connection. The service runs on Google’s own infrastructure, which the company claims provides reliable and scalable handling of DNS-over-TLS connections.
Enabling DNS-over-TLS connections
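To make the framing and pipelining from the preceding paragraph concrete, and as a starting point for the client side that this section heading refers to, here is an added example in Python. It is my own illustration, not code from the Google post or from Google Public DNS. It assumes the standard DNS-over-TLS port 853 and the hostname dns.google for SNI and certificate verification (both come from RFC 7858 and Google’s service documentation rather than from this post), and the response bytes in it are constructed by hand, not captured from the live resolver. It goes slightly beyond the post by showing the 2-byte length framing that RFC 7766 requires, parsing a response with name compression, and matching out-of-order pipelined answers to their queries by message ID.

```python
import socket
import ssl
import struct

# Google Public DNS over TLS: RFC 7858 assigns port 853; dns.google is the name
# the resolver's certificate is issued for, so it is used for SNI and hostname checks.
DOT_HOST, DOT_ADDR, DOT_PORT = "dns.google", "8.8.8.8", 853
QTYPE_A, QCLASS_IN = 1, 1

def build_query(qname, qid, qtype=QTYPE_A):
    """Minimal RFC 1035 query: header with RD set, one question, no other sections."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"
    return header + question + struct.pack(">HH", qtype, QCLASS_IN)

def frame(msg):
    """DNS over TCP/TLS prefixes each message with a 2-byte length (RFC 7766 section 8)."""
    return struct.pack(">H", len(msg)) + msg

def unframe(stream):
    """Split a byte stream into complete messages; return (messages, leftover partial bytes)."""
    msgs = []
    while len(stream) >= 2:
        (n,) = struct.unpack(">H", stream[:2])
        if len(stream) < 2 + n:
            break                         # rest of this message not received yet
        msgs.append(stream[2:2 + n])
        stream = stream[2 + n:]
    return msgs, stream

def _read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it in the caller's view)."""
    labels, end, hops = [], None, 0
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:             # compression pointer (RFC 1035 section 4.1.4)
            end = off + 2 if end is None else end
            hops += 1
            if hops > 16:                 # refuse pointer loops in hostile responses
                raise ValueError("compression pointer loop")
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), (off if end is None else end)

def parse_response(msg):
    """Return (id, rcode, [(name, type, ttl, rdata), ...]) for a response message."""
    qid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                   # skip the echoed question section
        _, off = _read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == QTYPE_A and rdlen == 4:
            rdata = socket.inet_ntoa(rdata)
        answers.append((name, rtype, ttl, rdata))
    return qid, flags & 0x000F, answers

def responses_by_id(stream):
    """Demultiplex pipelined responses, which may arrive in any order, by message ID."""
    msgs, leftover = unframe(stream)
    return {m[0]: m[1:] for m in map(parse_response, msgs)}, leftover

# Constructed sample (not captured from the live service): the response to query
# ID 0x1234 for dns.google/A, carrying the resolver's two well-known addresses.
SAMPLE_RESPONSE = bytes.fromhex(
    "1234 8180 0001 0002 0000 0000"             # id, flags QR|RD|RA, qd=1, an=2
    "03646e7306676f6f676c6500 0001 0001"        # dns.google  A  IN
    "c00c 0001 0001 0000012c 0004 08080808"     # ptr to name, A, IN, TTL 300, 8.8.8.8
    "c00c 0001 0001 0000012c 0004 08080404"     # ptr to name, A, IN, TTL 300, 8.8.4.4
)
# Same answer under a second ID, queued first to simulate out-of-order delivery.
SAMPLE_RESPONSE_B = b"\xab\xcd" + SAMPLE_RESPONSE[2:]
SAMPLE_STREAM = frame(SAMPLE_RESPONSE_B) + frame(SAMPLE_RESPONSE)

def query_over_tls(queries, host=DOT_HOST, addr=DOT_ADDR, port=DOT_PORT, timeout=5.0):
    """Send several framed queries on one TLS connection and collect answers by ID (needs network)."""
    ctx = ssl.create_default_context()              # validates the chain against system roots
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2    # negotiates 1.3 when both sides support it
    with socket.create_connection((addr, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:   # SNI and hostname verification
            tls.sendall(b"".join(frame(q) for q in queries))     # pipelined: no wait between queries
            responses, buf = {}, b""
            while len(responses) < len(queries):
                chunk = tls.recv(4096)
                if not chunk:
                    break
                table, buf = responses_by_id(buf + chunk)
                responses.update(table)
            return responses
```

Everything except `query_over_tls` runs offline against the constructed bytes; with network access, `query_over_tls([build_query("dns.google", 1)])` exercises the live path. The detail that matters for security is the `server_hostname` argument together with the default verifying context: without certificate validation against dns.google, wrapping the connection in TLS only defeats passive eavesdropping, not an active on-path attacker who can present his own certificate.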
A comment from Hacker News says: “This is a DNS provided by Google, a company that earns money by analysing user data. If you want privacy, run your own DNS.”
Google, however, has stated in its guides that it does not store any personally identifiable information long term.