DNS-over-TLS and DNS-over-HTTPS

2018-09-05 - News - Tony Finch

The University's central recursive DNS servers now support encrypted queries. This is part of widespread efforts to improve DNS privacy. You can make DNS queries using:

  • Traditional unencrypted DNS using UDP or TCP on port 53 ("Do53")

  • DNS-over-TLS on port 853 - RFC 7858

  • DNS-over-HTTPS on port 443 - RFC 8484

Amongst other software, Android 9 "Pie" uses DoT when possible and you can configure Firefox to use DoH.

There is more detailed information about Cambridge's DNS-over-TLS and DNS-over-HTTPS setup on a separate page.
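
The three transports listed above carry the same DNS wire-format message, framed differently for each. The Python sketch below is an added example, not part of the original announcement or the University's configuration: it builds one query and frames it for UDP, for the TCP/TLS stream, and for a DoH GET request. The endpoint `https://doh.example/dns-query` is a placeholder and the function names are illustrative.

```python
import base64
import struct

def build_query(name, qtype=1, msg_id=0):
    """Build a DNS query in RFC 1035 wire format (qtype 1 = A, class IN)."""
    # RFC 8484 recommends ID 0 for DoH; Do53 callers should pass a random ID.
    # Header: ID, flags with RD set, QDCOUNT=1, then three zero counts.
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"  # root label terminates the name
    if len(qname) > 255:
        raise ValueError("name exceeds 255 octets")
    return header + qname + struct.pack("!HH", qtype, 1)

def frame_stream(msg):
    """Do53 over TCP and DoT (RFC 7858): 2-byte big-endian length prefix."""
    if len(msg) > 0xFFFF:
        raise ValueError("message too large for stream framing")
    return struct.pack("!H", len(msg)) + msg

def split_stream(buf):
    """Receiver side: return (complete messages, unconsumed tail bytes)."""
    msgs = []
    while len(buf) >= 2:
        (n,) = struct.unpack("!H", buf[:2])
        if len(buf) < 2 + n:
            break  # partial message: wait for more bytes from the socket
        msgs.append(buf[2:2 + n])
        buf = buf[2 + n:]
    return msgs, buf

def doh_get_url(msg, endpoint):
    """DoH GET (RFC 8484): base64url of the message, padding removed."""
    b64 = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={b64}"

if __name__ == "__main__":
    q = build_query("www.example.com")  # constructed sample name
    print(len(q), "bytes as a Do53 UDP payload (no extra framing)")
    print(frame_stream(q)[:2].hex(), "length prefix on TCP/53 and DoT/853")
    # Placeholder endpoint, not the University's server.
    print(doh_get_url(q, "https://doh.example/dns-query"))
```

On port 853 the length-prefixed bytes travel inside a TLS session, and on port 443 the query rides in an HTTPS request, so only Do53 exposes the query name to on-path observers.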