Secure DNS transport methods

University essay from Umeå universitet/Institutionen för datavetenskap

Author: Tony Berglund; [2020]

Abstract: The Domain Name System (DNS) is a large cornerstone in internet traffic. It translates domain names to IP addresses. Standard DNS (Do53) does not encrypt any of its traffic, which leads to some security issues, mainly that others are able to extract information and tamper with the DNS requests and responses. Two promising secure DNS protocols are DNS over HTTPS (DoH) and DNS over TLS (DoT). They use encryption and authentication in the transfer of data to prevent the issues caused by standard DNS. In this paper a study is presented that compares the two mentioned secure DNS protocols along with Do53 in terms of latency in resolving requests. The findings show that DoT latency is in general higher than DoH latency under the testing circumstances. Do53 latency is lower than that of both secure protocols, except in some edge cases where DoH received the lowest latency from a single request. Also included with the findings are several recommendations on how the testing can be expanded to cover a larger scope of DNS transport methods than the test performed in this study.
