DNS over TLS

DNS over TLS in a nutshell: The intention of DNS over TLS is to encrypt traffic between the user and the DNS server so that the ISP (or others) cannot see which domains the user is requesting. The intention, therefore, is to enhance privacy for users. In reality, however, using or offering DNS over TLS does not mean that the ISP (or others) will not know which websites are being requested, as the Server Name Indication is sent in plaintext before the encrypted HTTPS session is established.

Using DNS over TLS is not that great for privacy, and as recursive resolution is mostly offered by the user’s ISP anyway, there is no real privacy benefit to encrypting DNS requests on the network.

There are limited or no security benefits to using DNS over TLS.

DNS over TLS is also (not yet) an IETF standard.

DNS over TLS does not provide you any security and has very limited privacy benefits.

Read more about Server Name Indication on Wikipedia: https://en.wikipedia.org/wiki/Server_Name_Indication

DNS security for your domain is provided by DNSSEC – but also only if the user can trust the resolver they choose to use. If your ISP’s resolver tells you that example.com is at 127.0.0.1 – then for you, that is the truth, no matter what the DNSSEC records for example.com say.
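To make that last point concrete, here is an added example (not from the original page) showing a non-validating stub client’s view of two constructed DNS responses: an honest one and one from a resolver that points example.com at 127.0.0.1. The resolver sets the AD (Authenticated Data) header bit itself, so both answers look equally "authenticated" to the stub; the address 192.0.2.10 and the transaction id are constructed placeholders.

```python
import struct

# Constructed sample responses as a stub client would receive them from its
# configured resolver. Every header bit, including AD, is written by the
# resolver, so a stub that does not validate DNSSEC locally cannot tell an
# honest answer from a forged one.

def build_response(txid, qname, addr, ad_flag):
    """Build a minimal DNS response with one A record, as a resolver sends it."""
    flags = 0x8180 | (0x0020 if ad_flag else 0)   # QR, RD, RA, optionally AD
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    question = name + struct.pack("!HH", 1, 1)    # QTYPE A, QCLASS IN
    rdata = bytes(int(octet) for octet in addr.split("."))
    # Answer: compression pointer to the question name at offset 12,
    # then TYPE A, CLASS IN, TTL 300, RDLENGTH 4, RDATA.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
    return header + question + answer

def parse_response(msg):
    """Stub-client view: return (qname, address, ad_flag) from a response."""
    _txid, flags, _qd, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    labels = []
    while msg[pos] != 0:                          # walk the question name
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode())
        pos += 1 + n
    pos += 1 + 4                                  # root label + QTYPE/QCLASS
    # Answer RR: 2-byte name pointer, then TYPE/CLASS/TTL/RDLENGTH (10 bytes).
    _rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos + 2:pos + 12])
    rdata = msg[pos + 12:pos + 12 + rdlen]
    addr = ".".join(str(b) for b in rdata)
    ad = bool(flags & 0x0020)                     # AD bit: set by the resolver
    return ".".join(labels), addr, ad

# Constructed: the resolver you trust answers honestly (192.0.2.10 is a
# documentation address); a resolver you should not trust answers 127.0.0.1.
# Both set AD=1, and the stub has no local signature data to check either.
HONEST = build_response(0x1234, "example.com", "192.0.2.10", ad_flag=True)
FORGED = build_response(0x1234, "example.com", "127.0.0.1", ad_flag=True)

if __name__ == "__main__":
    for label, msg in (("honest", HONEST), ("forged", FORGED)):
        qname, addr, ad = parse_response(msg)
        print(f"{label}: {qname} -> {addr} (AD={ad})")
```

The only defence against the forged answer is validating DNSSEC signatures on the client itself or choosing a resolver you actually trust; the AD bit alone proves nothing about the resolver’s honesty.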