DNS over TLS

The goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks.

[16] Linux and Windows users can use DNS over TLS as a client through the NLnet Labs stubby daemon or Knot Resolver.

[20] systemd-resolved is a Linux-only implementation that can be configured to use DNS over TLS by editing /etc/systemd/resolved.conf and enabling the DNSOverTLS setting.
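The following audit of that setting is an added example, not code from systemd or from the original page. It flags the `opportunistic` mode, which falls back to plaintext when the server does not offer TLS, and `DNS=` entries that lack the `address#server_name` form used for certificate validation. It assumes a default of `no` when the key is absent, reads only the text it is given (drop-in files are not merged), and uses constructed sample addresses and hostnames.

```python
# Added example: audit the [Resolve] section of a systemd-resolved config.
TRUE = {"yes", "true", "1", "on"}

def parse_resolve(text):
    """Return {'DNSOverTLS': str, 'DNS': [servers]} from resolved.conf text."""
    # Assumption: treat an absent DNSOverTLS key as "no" (the real default is set at build time).
    section, opts = None, {"DNSOverTLS": "no", "DNS": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Resolve" or "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        if key == "DNSOverTLS":
            opts["DNSOverTLS"] = value.lower()
        elif key == "DNS":
            # An empty assignment resets the list; otherwise entries accumulate.
            opts["DNS"] = opts["DNS"] + value.split() if value else []
    return opts

def audit(text):
    """Return findings; an empty list means strict DoT with named servers."""
    opts, findings = parse_resolve(text), []
    mode = opts["DNSOverTLS"]
    if mode == "opportunistic":
        findings.append("DNSOverTLS=opportunistic: plaintext fallback allows downgrade")
    elif mode not in TRUE:
        findings.append("DNSOverTLS not enabled: queries are sent unencrypted")
    for server in opts["DNS"]:
        if "#" not in server:
            findings.append(f"{server}: no #server_name, certificate checked against the IP only")
    return findings

# Constructed sample configurations (documentation-range address, made-up hostname).
WEAK = "[Resolve]\nDNS=192.0.2.53\nDNSOverTLS=opportunistic\n"
STRICT = "[Resolve]\nDNS=192.0.2.53#dns.example.net\nDNSOverTLS=yes\n"
DEFAULT = "[Resolve]\n#DNS=\n#DNSOverTLS=no\n"

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("strict", STRICT), ("default", DEFAULT)):
        print(name, audit(cfg) or "OK")
```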

[35][36][37][38][39][12] In that scenario, DNS queries are checked against block lists once they are received by the provider rather than prior to leaving the user's router.

Whether either of the two protocols is superior on privacy and security grounds is a matter of controversial debate, while others argue that the merits of each depend on the specific use case.

[40] DNSCrypt is another network protocol that authenticates and encrypts DNS traffic, although it was never proposed to the Internet Engineering Task Force (IETF) with a Request for Comments (RFC).