This new feature simplifies the process of configuring a custom secure DNS resolver on Android, which means parties between your device and the websites you visit won't be able to snoop on your DNS queries because they'll be encrypted. The protocol behind this, TLS, is also responsible for the green lock icon you see in your address bar when visiting websites over HTTPS. The same technology is useful for encrypting DNS queries, ensuring they cannot be tampered with and are unintelligible to ISPs, mobile carriers, and anyone else in the network path between you and your DNS resolver. These new security protocols are called DNS over HTTPS and DNS over TLS.
TLS is the protocol that encrypts your traffic over an untrusted communication channel, like when browsing your email on a cafe's wireless network. Even with TLS, there is still no way of knowing whether your connection to the DNS server has been hijacked or is being snooped on by a third party. This is significant because a bad actor could configure an open WiFi hotspot in a public place that responds to DNS queries with falsified records in order to hijack connections to common email providers and online banks. DNSSEC solves the problem of ensuring authenticity by signing responses, making tampering detectable, but leaves the body of the message readable by anyone else on the wire.
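As an added illustration (not code from the original page), here is a minimal DNS over TLS client showing what protects a query on a hostile hotspot: the DNS message is unchanged, but it travels inside a TLS session whose certificate must match the resolver's hostname. Port 853 and the 2-byte length prefix come from RFC 7858; `resolver_host` is a placeholder parameter for the resolver you configure, and the transaction ID is a constructed sample value.

```python
import socket
import ssl
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Encode one DNS question in wire format (RFC 1035); qtype 1 is an A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)       # class IN

def frame(msg):
    """DNS over TLS reuses DNS-over-TCP framing: 2-byte big-endian length, then message."""
    return struct.pack("!H", len(msg)) + msg

def unframe(stream):
    """Return the first complete DNS message in the stream, or None if still partial."""
    if len(stream) < 2:
        return None
    (length,) = struct.unpack("!H", stream[:2])
    return stream[2:2 + length] if len(stream) >= 2 + length else None

def query_over_tls(resolver_host, name, port=853, timeout=5.0):
    """Send one query over TLS and return the raw DNS response bytes.

    create_default_context() verifies the certificate chain and the hostname,
    so a hotspot that redirects port 853 to its own server fails the handshake
    (ssl.SSLCertVerificationError) before any query is sent.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((resolver_host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=resolver_host) as tls:
            tls.sendall(frame(build_query(name)))
            buf = b""
            while (msg := unframe(buf)) is None:
                chunk = tls.recv(4096)
                if not chunk:
                    raise ConnectionError("resolver closed the connection mid-response")
                buf += chunk
            return msg
```

Calling `query_over_tls` needs network access and the hostname of a resolver that supports DNS over TLS; the other functions run offline.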