DNS over TLS
E200693
DNS over TLS is a security protocol that encrypts traditional DNS queries and responses using Transport Layer Security to protect user privacy and prevent eavesdropping or tampering.
All labels observed (1)
| Label | Occurrences |
|---|---|
| DNS over TLS canonical | 4 |
How this entity was disambiguated
This entity first appeared as the object of triple T1808559 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: DNS over TLS
Context triple: [DNS over QUIC, relatedTo, DNS over TLS]
- A. DNS over QUIC (DoQ): DNS over QUIC (DoQ) is a modern DNS transport protocol that uses the QUIC encrypted, multiplexed UDP-based transport to provide faster, more secure, and more reliable DNS queries than traditional methods.
- B. DNSSEC: DNSSEC (Domain Name System Security Extensions) is a suite of specifications that adds cryptographic authentication and integrity protection to DNS data to prevent attacks such as cache poisoning and spoofing.
- C. DTLS: DTLS (Datagram Transport Layer Security) is a protocol that provides TLS-like encryption, integrity, and authentication for datagram-based communications such as UDP.
- D. OpenDNS: OpenDNS is a cloud-delivered DNS and security service provider known for web filtering, phishing protection, and enterprise network security solutions.
- E. TLS: TLS (Transport Layer Security) is a cryptographic protocol that secures data transmitted over networks by providing encryption, authentication, and integrity between communicating applications.
- F. None of above. (chosen)
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: DNS over TLS
Target entity description: DNS over TLS is a security protocol that encrypts traditional DNS queries and responses using Transport Layer Security to protect user privacy and prevent eavesdropping or tampering.
- A. DNS over QUIC (DoQ): DNS over QUIC (DoQ) is a modern DNS transport protocol that uses the QUIC encrypted, multiplexed UDP-based transport to provide faster, more secure, and more reliable DNS queries than traditional methods.
- B. DNSSEC: DNSSEC (Domain Name System Security Extensions) is a suite of specifications that adds cryptographic authentication and integrity protection to DNS data to prevent attacks such as cache poisoning and spoofing.
- C. DTLS: DTLS (Datagram Transport Layer Security) is a protocol that provides TLS-like encryption, integrity, and authentication for datagram-based communications such as UDP.
- D. OpenDNS: OpenDNS is a cloud-delivered DNS and security service provider known for web filtering, phishing protection, and enterprise network security solutions.
- E. TLS: TLS (Transport Layer Security) is a cryptographic protocol that secures data transmitted over networks by providing encryption, authentication, and integrity between communicating applications.
- F. None of above. (chosen)
Statements (48)
| Predicate | Object |
|---|---|
| instanceOf | DNS privacy protocol; network security protocol |
| abbreviation | DoT |
| alternativeTo | DNS over HTTPS; DNSCrypt |
| belongsToCategory | Internet protocol; application-layer protocol |
| canBeImplementedBy | public DNS resolvers; recursive resolvers; stub resolvers |
| canBeUsedWith | DNSSEC |
| canUse | TLS 1.2; TLS 1.3; TLS session resumption |
| defaultPort | 853 |
| definedIn | RFC 7858; RFC 8310 |
| deploymentContext | enterprise networks; home routers; mobile operating systems |
| doesNotProvide | anonymity of client IP address; protection against malicious DNS data without DNSSEC |
| encrypts | DNS queries; DNS responses |
| IANAServiceName | dot |
| improves | resistance to DNS manipulation on-path; resistance to DNS traffic monitoring |
| layer | above TCP transport layer |
| operatesOn | DNS traffic |
| protects | user privacy |
| protectsAgainst | eavesdropping; tampering |
| relatedTo | DNS privacy; encrypted DNS |
| requires | TLS handshake; X.509 certificates; support from both client and resolver |
| runsOver | Transmission Control Protocol (surface form: TCP) |
| secures | stub resolver to recursive resolver communication |
| securityProperty | confidentiality of DNS data in transit; integrity of DNS data in transit |
| standardizedBy | Internet Engineering Task Force (surface form: IETF) |
| supportsFeature | optional client authentication; server authentication |
| supportsMode | opportunistic mode; strict mode |
| usesPort | 853/tcp |
| usesProtocol | TLS (surface form: Transport Layer Security) |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10.
# Requirements
- If you don't know the subject at all, return an empty list.
- If the subject is not a named entity, return an empty list.
- Include at least one triple where predicate is "instanceOf".
- Do not get too wordy.
- Separate several objects into multiple triples with one object.
Subject: DNS over TLS
Description of subject: DNS over TLS is a security protocol that encrypts traditional DNS queries and responses using Transport Layer Security to protect user privacy and prevent eavesdropping or tampering.
Referenced by (4)
Full triples — surface form annotated when it differs from this entity's canonical label.