What is DNS over TLS?

You might think that your web experience is as private as it can be, but it’s not – yet.

If you use a private browser (like Chrome’s Incognito Mode or Firefox Focus), your browsing history cannot be discovered by people who share your computer. If you use a private browser with true VPN capabilities, your IP address cannot be discovered by Internet Service Providers (ISPs). But ISPs are, in many cases, still capable of finding out which websites you’ve visited – even if they can’t see your on-site activity.

A lot happens each time you visit a website. It might seem as though it’s only a two-step process: typing in a URL and hitting “enter.” But many micro-interactions actually take place between the moment you hit “enter” and the moment you are directed to a web page. These interactions between browser and server are called online communications because messages are literally sent between them; these messages carry the data that takes you from URL to online destination.

There are two different types of internet protocols that handle web traffic: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). When you type a web URL (or Uniform Resource Locator) into your browser and hit “enter,” one of these protocols carries that request between browser and server.

TLS (Transport Layer Security) is a protocol that supersedes SSL (Secure Sockets Layer). TLS is supposed to establish secure communications for requests made between browser and server. However, the request being processed often takes place in plaintext (or HTML) via TCP or UDP, which is not very secure after all.

TCP, for instance, sends data bidirectionally once a connection is established. This means that while your browser is receiving information about the site you’re trying to visit, information about you is simultaneously being transmitted to a DNS (or Domain Name Server).

Basically, that means the raw transcript of the online connection you’re trying to make often ends up out in the open – so anyone who knows where to look can read it.

But DNS over TLS changes that. This protocol requires that a TLS session (including the resolver’s certificate) be negotiated before the DNS request is processed, establishing a secure (encrypted) connection that shields the information revealing where you’re coming from (your IP address) and where you’re going (the site URL).
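The exchange just described, as an added example in Python (not Tenta’s code): the DNS question is encoded in the standard wire format, prefixed with the two-byte length that DNS over TLS (RFC 7858) requires, and sent over a certificate-verified TLS session on port 853. The resolver IP and hostname are parameters you supply; SAMPLE_REPLY is a constructed answer so the parser can be exercised offline.

```python
import socket, ssl, struct

# Constructed sample reply to build_query("example.com"): flags 0x8180, one A record 192.0.2.1, TTL 300
SAMPLE_REPLY = bytes.fromhex("123481800001000100000000" "076578616d706c6503636f6d00" "00010001"
                             "c00c000100010000012c0004c0000201")

def build_query(name, txid=0x1234):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RFC 1035 header: 1 question, RD set
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def frame_for_tls(msg):
    return struct.pack("!H", len(msg)) + msg  # RFC 7858 keeps TCP's 2-byte length prefix

def read_name(msg, off):  # decode a possibly compressed name -> (name, offset just past it)
    parts, end = [], None
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer: follow it, remember where to resume
            end = end if end is not None else off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if n == 0:
            break
        parts.append(msg[off:off + n].decode("ascii"))
        off += n
    return ".".join(parts), (off if end is None else end)

def parse_a_records(msg):  # -> [(owner, ttl, dotted_ipv4)] from the answer section
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off, out = 12, []
    for _ in range(qd):  # skip the echoed question: name + QTYPE + QCLASS
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            out.append((owner, ttl, ".".join(str(b) for b in msg[off:off + 4])))
        off += rdlen
    return out

def resolve_over_tls(name, resolver_ip, resolver_hostname, port=853):
    ctx = ssl.create_default_context()  # verifies the resolver's certificate chain and name
    with socket.create_connection((resolver_ip, port), timeout=5) as raw, \
         ctx.wrap_socket(raw, server_hostname=resolver_hostname) as tls:
        tls.sendall(frame_for_tls(build_query(name)))
        reader = tls.makefile("rb")
        (length,) = struct.unpack("!H", reader.read(2))
        return parse_a_records(reader.read(length))
```

On the wire, only the TLS record layer is visible to anyone in the path; the query name inside is what plain UDP DNS would have exposed.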

Unfortunately, not all servers support DNS over TLS, although more do as time goes on. For instance, all Android apps will soon support the protocol, and Google announced in late October that its servers would as well. But for the time being, it can be hard to tell if the connection your computer is attempting between browser and DNS is as secure as it can be.

This is a connection that is initiated each time you visit a website. It affects your day-to-day browsing, regardless of where and how you’re accessing the web. Without a hyper-secure protocol like DNS over TLS, you’re effectively leaving a trail of footprints behind you in the snow.

That’s why we created Tenta DNS – our own open source DNS over TLS resolver. Tenta DNS is also now available in Tenta Browser – if you haven’t downloaded our latest release yet, you can do so on Google Play.

About Tenta

Tenta is a next-generation browser designed for privacy and security. Built-in true VPN, full data encryption, video downloader, secure media vault, HTTPS Everywhere, Tenta DNS, and more.
