
The Difference Between DNS over TLS & DNS over HTTPS

The difference between DNS over TLS and DNS over HTTPS is often confusing. The two may sound like the same thing, but there is a significant difference. To a lay reader, DNS over TLS and DNS over HTTPS may look interchangeable. Both accomplish the same task, encrypting DNS requests, and the primary differentiator is the port each one uses.

In simple terms, DNS stands for Domain Name System. DNS is used whenever someone surfing the internet enters a URL: a DNS server picks up the name and looks up the IP address to resolve it. DNS spares people the struggle of remembering IP addresses.

The main reason to encrypt data online is to deal with identity theft, a problem most common in the first world. Beyond identity theft, we also need our data encrypted online to protect our liberty or life and to restrict access to things we do not want exposed.

Some of the differences between these two encryption protocols for DNS requests are the following:

DNS over TLS uses TCP as its primary connection protocol and layers TLS authentication and encryption on top of it. DNS over HTTPS, on the other hand, uses HTTPS and HTTP/2 to complete a connection.

The most crucial distinction is the port each protocol uses. Port 853 is used by, and reserved for, DNS over TLS. Port 443 is used by DNS over HTTPS; it is the standard port for all HTTPS traffic.
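To make the transport difference concrete, here is an added Python example (not code from the original post) that builds one DNS query and shows how the same message is carried by each protocol: for DoT it is length-prefixed and sent over TLS to port 853, for DoH it is base64url-encoded into a GET URL or POSTed as `application/dns-message` to port 443. The resolver hostnames are placeholders, the network functions are not called in the offline demo, and the response used to exercise the parser is constructed inline.

```python
import base64
import socket
import ssl
import struct
import urllib.request

# Hypothetical resolver endpoints; substitute real ones before use.
DOT_RESOLVER_HOST = "dot.resolver.example"
DOH_ENDPOINT = "https://doh.resolver.example/dns-query"

def build_query(name: str, txn_id: int = 0x1234, qtype: int = 1) -> bytes:
    """Build a minimal RFC 1035 wire-format query: header (RD set, QDCOUNT=1),
    then the name as length-prefixed labels, then QTYPE and QCLASS=IN."""
    header = struct.pack("!HHHHHH", txn_id, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame_for_dot(msg: bytes) -> bytes:
    """DoT (RFC 7858) reuses DNS-over-TCP framing: a 2-byte big-endian length
    prefix, because TLS delivers a byte stream rather than datagrams."""
    return struct.pack("!H", len(msg)) + msg

def doh_get_url(msg: bytes, endpoint: str) -> str:
    """DoH (RFC 8484) GET form: the message is base64url-encoded, padding
    removed, in the 'dns' parameter of an ordinary HTTPS URL on port 443."""
    encoded = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"

def _recv_exact(sock: ssl.SSLSocket, n: int) -> bytes:
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("TLS stream closed early")
        data += chunk
    return data

def query_over_dot(msg: bytes, host: str = DOT_RESOLVER_HOST, port: int = 853) -> bytes:
    """Network path for DoT: TCP to port 853, TLS with certificate validation,
    length-prefixed DNS inside. Not executed in the offline demo below."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(frame_for_dot(msg))
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            return _recv_exact(tls, length)

def query_over_doh(msg: bytes, endpoint: str = DOH_ENDPOINT) -> bytes:
    """Network path for DoH: an HTTPS POST of the raw message, which on the wire
    looks like any other request to port 443. Not executed offline."""
    req = urllib.request.Request(
        endpoint, data=msg, method="POST",
        headers={"Content-Type": "application/dns-message",
                 "Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read()

def _skip_name(buf: bytes, off: int) -> int:
    """Advance past a name written as labels or as a compression pointer."""
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length

def parse_a_records(resp: bytes) -> list:
    """Pull IPv4 addresses out of the answer section. The transport (DoT, DoH or
    plain UDP) does not change this: the DNS message inside is identical."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", resp[:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(resp, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(resp, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in resp[off:off + 4]))
        off += rdlen
    return addrs

def constructed_response(query: bytes, addr: str = "192.0.2.1") -> bytes:
    """Constructed answer to `query` (one A record pointing at a documentation
    address) so the parser can be exercised without a network."""
    txn_id = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txn_id, 0x8180, 1, 1, 0, 0)
    question = query[12:]
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(int(o) for o in addr.split("."))
    return header + question + rr

if __name__ == "__main__":
    q = build_query("example.com")
    print("DoT frame (port 853):", frame_for_dot(q).hex())
    print("DoH GET  (port 443):", doh_get_url(q, DOH_ENDPOINT))
    print("parsed A records:", parse_a_records(constructed_response(q)))
```

The point to take from the two network functions is that only the outer wrapper differs: DoT is a bare TLS session on a port nothing else uses, while DoH rides inside a normal HTTPS request, which is exactly why one is easy to spot by port and the other is not.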

Having a dedicated port may sound like a benefit, but in some instances it is not an advantage. The significant risk of a dedicated port is that DNS over TLS traffic is visible to everyone at any level of the network, and they can even block it. DNS over HTTPS requests, by contrast, are hidden, encrypted inside the rest of the HTTPS traffic.

With DNS over HTTPS it is challenging to know what is being requested, unlike with DNS over TLS. DNS over TLS and DNS over HTTPS are viewed as the two standard protocols for encrypting plain-text DNS traffic. This encryption mainly prevents attacks by malicious third parties, ISPs, and advertisers.
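From the defender's side, the visibility difference described above is what a network monitor actually sees. The following added Python example (not part of the original post) runs a simple classifier over a constructed connection log: port 853 flows are identified as DoT outright, while port 443 flows can only be tied to DoH through the TLS SNI, and only when the name is already on a list of known resolvers. The log rows, addresses and the approved-resolver list are all made up for the example.

```python
import csv
import io
from collections import Counter

# Constructed sample of outbound connection records in the shape a firewall or
# Zeek-style log would give a defender. Every address, port and SNI is made up.
SAMPLE_LOG = """\
src,dst,dport,proto,sni
10.0.0.5,198.51.100.1,853,tcp,dot.resolver.example
10.0.0.5,198.51.100.2,443,tcp,www.example.com
10.0.0.7,198.51.100.3,443,tcp,doh.resolver.example
10.0.0.7,198.51.100.4,53,udp,
10.0.0.9,198.51.100.5,443,tcp,
"""

# Hypothetical allow-list of DoH resolver hostnames the organisation has
# approved; a real list would come from policy, not from this example.
APPROVED_DOH_SNI = {"doh.resolver.example"}

def classify(record: dict) -> str:
    """Label one connection record by what the port (and, for 443, the SNI) reveals."""
    port = int(record["dport"])
    sni = record.get("sni") or ""
    if port == 853:
        # DoT's dedicated port makes it identifiable, and therefore blockable, by port alone.
        return "dot"
    if port == 53:
        return "plain-dns"
    if port == 443:
        # DoH shares 443 with all web traffic, so the port says nothing. The only
        # network-level hint left is the TLS SNI, and only when it matches a known
        # resolver name; the SNI may also be absent or encrypted.
        if sni in APPROVED_DOH_SNI:
            return "doh-approved"
        return "https-unknown"
    return "other"

def summarize(log_text: str) -> dict:
    """Parse a CSV connection log and count records per label."""
    reader = csv.DictReader(io.StringIO(log_text))
    return dict(Counter(classify(row) for row in reader))

def blockable_by_port(log_text: str) -> list:
    """Return the (src, dst) pairs a port-only firewall rule would catch: DoT, nothing else."""
    reader = csv.DictReader(io.StringIO(log_text))
    return [(r["src"], r["dst"]) for r in reader if classify(r) == "dot"]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    print(blockable_by_port(SAMPLE_LOG))
```

The two port-443 rows without a recognised SNI end up as `https-unknown`: a monitor cannot tell whether they are web browsing or DNS, which is the blind spot the paragraph above describes, and the reason DoH policy is usually enforced at the endpoint or resolver rather than by port filtering.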

DNS over TLS encrypts queries and keeps them private. This connection is often referred to as DoT, and it uses the same security protocol that HTTPS uses to encrypt websites and authenticate communication. One may wonder what TLS is: TLS is what is commonly known as SSL. DoT adds an extra layer of encryption on top of the User Datagram Protocol (UDP). This added security for DNS queries ensures that DNS requests and responses are safe from man-in-the-middle attacks.