DNS-over-TLS has been a buzzword in the net privacy ecosystem for a while now, and for good reason: with data breaches and internet snooping increasing year by year, the demand for more sophisticated tools of protection is at an all-time high. DNS-over-TLS is one of those tools and is a must-have feature of any VPN worth its salt.

In this post, we’ll take a gentle look at what DNS-over-TLS is, why it’s important, and how you can test that it’s functioning. But first, to understand DNS-over-TLS, you should have a basic understanding of DNS. Step right this way and let’s begin the adventure!

What is DNS?

DNS is short for Domain Name System and is often referred to as the master “contact list” or “phonebook” of the Internet. In other words, it’s a massive database containing the name and IP address of every public website on the net. The contact list you’d typically find on a smartphone is a good comparison, so let's start there and learn a little more about DNS!

When we want to make a phone call, dialing the number like back in the good old days isn’t really necessary. We simply look up our contact’s name (example, “Keanu Reeves”), tap on it, and the phone automatically dials the number that we’ve stored under Mr. Reeves. Whoaaaaa!

>If we want to visit a website, we usually get there through a similar process of clicking, tapping, or typing in a name too. What we don’t do is dial a website’s number, or more precisely, go there using its IP address. An IP address, like a telephone number, is a unique set of numbers that identifies the location of any device connected to the Internet. We don’t need to worry about remembering the IP addresses for Google, Amazon, Twitter, Ebay, or any public website for that matter. That would be a headache of epic proportions. This is where DNS, the phonebook of the Internet, comes to the rescue!

DNS does the dirty work!

When we type “alexwinter.com” into our browser’s URL bar and press Enter, our first stop is a special computer called a DNS server. It is there that the server looks up our request alexwinter.com, grabs its corresponding IP address 208.113.184.180, and hands it off to our browser. From there, the browser uses the IP address to connect us to our final destination, Alex Winter’s homepage. And thus completes a most excellent adventure!

(As a side note, there’s many DNS servers throughout the world and your ISP (Internet Service Provider) will assign one to you. However, you’re not locked in. Choosing a different DNS server yourself is an option. In fact, Tenta uses its own privacy-first solution, Tenta DNS. Visit the following page to learn all about Tenta DNS!)

So, now that we understand DNS takes the domain name of the website we’re trying to visit and translates it to its IP address for our browser to read, let’s see how DNS-over-TLS is used to enhance our privacy when using the Internet.

What’s DNS-over-TLS (DoT)?

On top of already encrypting your traffic when in use, Tenta Browser takes advantage of the TLS (Transport Layer Security) protocol to conceal your web requests even further. If a data leak in your connection were to ever happen, your DNS requests will remain encrypted with DoT in place.

A warning about ISP snooping!

If you’re not actively using a VPN browser like Tenta to protect yourself while surfing the net, your Internet Service Provider is keeping tabs on you. ISPs do have the ability to track such things as your browsing history and website requests. They can even sell your data to ad companies for big bucks. Now that’s totally bogus! The extra layer of security DNS-over-TLS provides goes a long way in keeping your data safe from the likes of greedy ISPs (and hackers too).

How to test if DNS-over-TLS is working!

We offer the most comprehensive browser privacy test available. And for free! To check that DNS-over-TLS is working properly, visit: https://tenta.com/test/. Once there, scroll down to the section titled ADVANCED DNS LEAK TEST. Just below that is a table containing a wealth info about the DNS server you’re currently using. Look for the column titled TLS ENABLED. If the values are “true”, DNS-over-TLS is working! You can rest assured that your DNS requests are super protected!