Enabling DNS over TLS On Android

Android 9 (Pie) has a new feature called Private DNS that allows you to permanently force all DNS traffic to a secure DNS provider. If you are not on Android 9 or newer, there may be apps that let you accomplish the same thing.

DNS over TLS versus DNS over HTTPS

The biggest difference between DNS over TLS and DNS over HTTPS is that DNS over TLS uses a dedicated port, 853. This raises a concern: your DNS queries cannot blend in with regular web traffic, because anyone watching the network can tell that traffic on port 853 is DNS.

There are arguments against DNS over HTTPS because it makes it harder for network administrators to monitor DNS traffic. Many organizations rely on tools that protect them by blocking resolution of certain domain names and comparing the queried names against threat intelligence feeds.

Enabling Android Private DNS (DNS over TLS)

This is the easiest method to permanently change your DNS settings on Android 9 and newer devices. Navigate to Settings -> Network & Internet -> Advanced. There you will see a navigation option for Private DNS. It offers three choices: Off, Automatic, and Private DNS provider hostname. Select Private DNS provider hostname and enter one of the following hostnames.

  • 1dot1dot1dot1.cloudflare-dns.com
  • dns.quad9.net
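
To see what the phone is actually doing once Private DNS is set, the following script is a minimal DNS over TLS client. It is an added example and not code from the original article or from Android: it builds a plain DNS query, adds the 2-byte length prefix that RFC 7858 requires on the TLS stream, connects to port 853 (the dedicated port discussed above), and validates the resolver's certificate against the hostname you would type into the Private DNS field, which is how the strict "provider hostname" mode stops a spoofed resolver from answering. The resolver hostnames are the two from the list above; the query name `example.com` and the sample response bytes are constructed for illustration.

```python
"""Minimal DNS-over-TLS (RFC 7858) client for checking a Private DNS resolver.

Added example, not part of the original article. Assumes the hostnames the
article lists (1dot1dot1dot1.cloudflare-dns.com, dns.quad9.net) and port 853.
"""
import socket
import ssl
import struct

DOT_PORT = 853  # dedicated port for DNS over TLS, as the article notes


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a standard DNS query (RD set) for `name`; qtype 1 = A record."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    qname += b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)  # class IN


def frame_dot(message: bytes) -> bytes:
    """RFC 7858: each DNS message on the TLS stream is prefixed by its 2-byte length."""
    return struct.pack(">H", len(message)) + message


def _skip_name(data: bytes, offset: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return offset + 2
        offset += 1 + length


def parse_a_records(response: bytes, expected_txid: int = 0x1234) -> list:
    """Extract IPv4 addresses from a DNS response; raise on txid mismatch or RCODE != 0."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", response[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:
        raise ValueError("resolver returned RCODE %d" % (flags & 0x000F))
    offset = 12
    for _ in range(qdcount):
        offset = _skip_name(response, offset) + 4  # skip QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        offset = _skip_name(response, offset)
        rtype, _rclass, _ttl, rdlength = struct.unpack(">HHIH", response[offset:offset + 10])
        offset += 10
        rdata = response[offset:offset + rdlength]
        offset += rdlength
        if rtype == 1 and rdlength == 4:
            addrs.append(socket.inet_ntoa(rdata))
    return addrs


def _recv_exact(sock, n: int) -> bytes:
    """Read exactly n bytes from the TLS socket or fail loudly."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the TLS stream early")
        buf += chunk
    return buf


def resolve_over_tls(name: str, resolver_host: str, port: int = DOT_PORT,
                     timeout: float = 5.0) -> list:
    """Resolve `name` over DNS over TLS, authenticating the resolver by hostname.

    Like Android's "Private DNS provider hostname" mode, the hostname is used to
    verify the resolver's certificate, so a spoofed resolver on port 853 fails the
    TLS handshake instead of being allowed to answer.
    """
    ctx = ssl.create_default_context()  # verifies the chain and hostname by default
    query = build_query(name)
    with socket.create_connection((resolver_host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=resolver_host) as tls:
            tls.sendall(frame_dot(query))
            (length,) = struct.unpack(">H", _recv_exact(tls, 2))
            response = _recv_exact(tls, length)
    return parse_a_records(response)


if __name__ == "__main__":
    # Network check against the two resolvers named in the article.
    for host in ("1dot1dot1dot1.cloudflare-dns.com", "dns.quad9.net"):
        print(host, resolve_over_tls("example.com", host))
```

Run it from a machine on the same network as the phone: if the TLS handshake fails with a certificate error, the network is intercepting port 853, which is exactly the condition under which Android's strict mode refuses to resolve rather than fall back to plaintext DNS.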