DNS and privacy: what to pick and why
DNS translates domain names into IP addresses. Historically DNS queries were sent in the clear, so your ISP could see every site you visit. Today DoH (DNS over HTTPS) and DoT (DNS over TLS) encrypt those lookups and hide them from intermediaries.
DoH vs DoT
| Parameter | DoH (DNS over HTTPS) | DoT (DNS over TLS) |
|---|---|---|
| Port | TCP/443 (standard HTTPS) | TCP/853 (dedicated) |
| Camouflage | Blends in with web traffic | Easier to spot due to the port |
| Blocking | Harder to block selectively | Simple to block via port 853 |
Which resolver should you use?
Popular picks:
- Cloudflare (1.1.1.1): Speed-centric.
- Quad9 (9.9.9.9): Security-focused (blocks malicious domains).
- AdGuard DNS: Filters ads and trackers.
If privacy matters most, choose a public resolver with a clear policy and minimal logging.
Key considerations
-
System integration: Configure DoH/DoT at the OS level or inside your browser. On mobile, use Private DNS (Android) or configuration profiles.
-
DNS leaks: A misconfigured VPN can leak DNS outside the tunnel. Double-check that DNS runs through the VPN connection.
Takeaway
Picking the right resolver, enabling encryption, and eliminating leaks is a quick and inexpensive privacy upgrade. DNS won’t magically speed up the internet, but paired with a VPN it keeps connections stable and safer.