Android getting “DNS over TLS” support to stop ISPs from knowing what websites you visit

By | 22nd October 2017

A DNS (Domain Name Server) is what translates a website address from a URL that you enter to an IP address which your computer actually connects to. For example, when you type “” into your browser, your computer queries a DNS which looks up and returns the IP address “” to the client. This process is hidden from the user, but every website you visit (so long as it has a human-readable URL) will go through this same process. The problem for those security conscious out there is that these requests are done in plain text through UDP or TCP protocols which are readable by anyone that can see your connection, including your ISP if you use their DNS. This is where DNS over TLS comes in.

DNS over TLS is a protocol where DNS queries will be encrypted to the same level as HTTPS and thus a DNS can’t actually log or see the websites you visit. This uses TLS, or Transport Layer Security, to achieve this encryption. This does require the DNS you are using to have DN over TLS support, though, but it’s a start. Users can switch to Google’s DNS if they wish to benefit from DNS over TLS.

It appears that “DNS over TLS” support is being added to Android, according to several commits added to the Android Open Source Project (AOSP). The addition in the Android repository shows that a new setting will be added under Developer Options allowing users to turn on or off DNS over TLS. Presumably, if such an option is being added to Developer Options, then that means it is in testing and may arrive in a future version of Android such as version 8.1.

About half of all website traffic is now encrypted, and adding DNS over TLS will work to further improve user privacy. Keep in mind that most DNS does not support this encryption, and changing the DNS on your phone requires either root access or the use of a VPN app.