til
DoT vs DoH
Wait, doesn't HTTPS use TLS for encryption too? How are DNS over TLS and DNS over HTTPS different?
Each standard was developed separately and has its own RFC documentation, but the most important difference between DoT and DoH is what port they use. DoT only uses port 853, while DoH uses port 443, which is the port that all other HTTPS traffic uses as well.
Which is better, DoT or DoH?
This is up for debate. From a network security standpoint, DoT is arguably better. It gives network administrators the ability to monitor and block DNS queries, which is important for identifying and stopping malicious traffic. DoH queries, meanwhile, are hidden in regular HTTPS traffic, meaning they cannot easily be blocked without blocking all other HTTPS traffic as well.
However, from a privacy perspective, DoH is arguably preferable. With DoH, DNS queries are hidden within the larger flow of HTTPS traffic. This gives network administrators less visibility but provides users with more privacy.
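To make the port distinction concrete, here is a small added example (not code from the original note or from Cloudflare) that classifies flow records by destination port the way a simple network filter would. The flow records are constructed sample data; the resolver address 1.1.1.1 is used only as an illustrative public resolver. It shows that a port-based rule can single out DoT on 853, while a flow on 443 cannot be told apart from ordinary HTTPS by port alone, which is exactly why DoH gives administrators less visibility.

```python
"""Port-based classification of DNS-related flows (added example).

Demonstrates the DoT vs DoH point from the note: DoT has its own port (853),
so it is visible to and filterable by a port-based policy; DoH rides on 443
together with every other HTTPS connection, so a port-based policy cannot
block it without blocking all HTTPS.
"""
from dataclasses import dataclass
from collections import Counter

DNS_PORT = 53      # plaintext DNS
DOT_PORT = 853     # DNS over TLS, dedicated port
HTTPS_PORT = 443   # DNS over HTTPS shares this port with all other HTTPS traffic


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"


def classify(flow: Flow) -> str:
    """Label a flow using only its transport protocol and destination port."""
    if flow.dport == DNS_PORT:
        return "dns-plaintext"
    if flow.dport == DOT_PORT and flow.proto == "tcp":
        return "dns-over-tls"
    if flow.dport == HTTPS_PORT and flow.proto == "tcp":
        # Could be a DoH query or any web page: the port does not tell us.
        return "https-or-doh"
    return "other"


def can_filter_by_port(kind: str) -> bool:
    """True if a port-based rule can target this category without collateral
    damage. DoH is deliberately False: blocking 443 blocks all HTTPS."""
    return kind in {"dns-plaintext", "dns-over-tls"}


def port_policy(flows, block_dot: bool = True) -> dict:
    """Apply a port-based policy and return {flow: "allow" | "block"}.

    DoT can be blocked on request. Flows on 443 are always allowed because a
    port-based policy cannot distinguish DoH from ordinary HTTPS.
    """
    decisions = {}
    for f in flows:
        kind = classify(f)
        if kind == "dns-over-tls" and block_dot:
            decisions[f] = "block"
        else:
            decisions[f] = "allow"
    return decisions


def visibility_report(flows) -> dict:
    """Count how much DNS activity a port-based monitor can see versus how many
    flows are indistinguishable from plain HTTPS."""
    counts = Counter(classify(f) for f in flows)
    return {
        "visible_dns": counts["dns-plaintext"] + counts["dns-over-tls"],
        "indistinguishable_from_https": counts["https-or-doh"],
        "other": counts["other"],
    }


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "1.1.1.1", 853, "tcp"),       # DoT to a public resolver
    Flow("10.0.0.5", "1.1.1.1", 443, "tcp"),       # DoH, or just a web page
    Flow("10.0.0.7", "93.184.216.34", 443, "tcp"), # ordinary HTTPS
    Flow("10.0.0.7", "10.0.0.53", 53, "udp"),      # plaintext DNS, internal resolver
    Flow("10.0.0.9", "10.0.0.1", 22, "tcp"),       # unrelated traffic
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        kind = classify(f)
        print(f"{f.dst}:{f.dport}/{f.proto:<3} -> {kind:<14} "
              f"port-filterable={can_filter_by_port(kind)}")
    print(visibility_report(SAMPLE_FLOWS))
    print(port_policy(SAMPLE_FLOWS, block_dot=True))
```

Running the script prints one line per flow; note that the two flows to 1.1.1.1 differ only by port, and only the 853 one is flagged as DNS. Anything beyond this port check (inspecting the TLS handshake or keeping a list of known resolver endpoints) is out of scope for the note.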
https://www.cloudflare.com/learning/dns/dns-over-tls/