DNS-over-TLS and DNS-over-HTTPS
This documentation describes the features and configurations of Google SafeSearch, DNS-over-TLS (DoT), and DNS-over-HTTPS (DoH), which have been implemented in PDNS.
Note
The Resolvers page has been updated with this information. To make changes or create new configurations, refer to the corresponding section.
Google SafeSearch
Google SafeSearch is a feature that allows filtering explicit content in Google search results. It can be configured in three modes:
Strict: Filters as much explicit content as possible.
Moderate: Filters some explicit content while allowing certain results.
Disabled: Does not apply any filtering to search results.
This configuration affects not only Google Search, but also other web services that use SafeSearch, such as YouTube, Bing, and DuckDuckGo, as well as some browsers with integrated parental controls.
DNS-over-TLS (DoT)
DNS-over-TLS (DoT) is a protocol that encrypts DNS queries to protect user privacy. It differs from traditional DNS in that:
It uses TCP port 853 instead of UDP port 53.
It prevents third parties from monitoring DNS queries.
It can be enabled or disabled according to the provider’s policy.
Although it improves privacy, it can also make it more difficult to detect security threats, such as attacks or malware infections, since DNS traffic is encrypted.
DNS-over-HTTPS (DoH)
DNS-over-HTTPS (DoH) also encrypts DNS queries, but does so through the HTTPS protocol using port 443. This presents both advantages and disadvantages:
Advantages: Improves privacy and prevents DNS query monitoring.
Disadvantages: It may facilitate data exfiltration between compromised devices and malicious servers, since the traffic is hidden within legitimate HTTPS connections.
Since some browsers offer it by default and some users request it, Planisys provides it as a configurable option.
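The following is an added example, not part of the PDNS documentation or Planisys code. It shows how the same DNS query is carried by DoT (RFC 7858, 2-byte length prefix over TLS on TCP 853) and by DoH (RFC 8484, base64url in a GET parameter over HTTPS on 443), and how the queried name can be recovered for logging once the TLS layer has been terminated. The host doh.example.net and the /dns-query path are placeholder assumptions.

```python
import base64
import struct
from urllib.parse import urlparse, parse_qs

def build_query(name: str, qtype: int = 1, msg_id: int = 0) -> bytes:
    """Encode a single-question DNS query in wire format (RFC 1035)."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS = IN

def dot_frame(msg: bytes) -> bytes:
    """DoT payload inside the TLS session: 2-byte big-endian length, then the message."""
    return struct.pack("!H", len(msg)) + msg

def doh_get_url(msg: bytes, template: str) -> str:
    """DoH GET form: the message is base64url-encoded without padding in ?dns=."""
    return template + "?dns=" + base64.urlsafe_b64encode(msg).rstrip(b"=").decode()

def qname_from_message(msg: bytes) -> str:
    """Read the question name; it starts right after the 12-byte header."""
    labels, pos = [], 12
    while msg[pos] != 0:
        length = msg[pos]
        labels.append(msg[pos + 1 : pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def qname_from_doh_url(url: str) -> str:
    """Recover the queried name from a decrypted DoH GET request line."""
    b64 = parse_qs(urlparse(url).query)["dns"][0]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))  # restore padding
    return qname_from_message(raw)

def qname_from_dot_frame(frame: bytes) -> str:
    """Recover the queried name from a decrypted DoT frame."""
    (length,) = struct.unpack("!H", frame[:2])
    return qname_from_message(frame[2 : 2 + length])

if __name__ == "__main__":
    query = build_query("www.example.com")
    # Constructed sample endpoint (assumption): doh.example.net/dns-query
    url = doh_get_url(query, "https://doh.example.net/dns-query")
    print(dot_frame(query).hex())
    print(url)
    print(qname_from_doh_url(url), qname_from_dot_frame(dot_frame(query)))
```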