DNS-over-TLS y DNS-over-HTTPS

This documentation describes the functionalities and configurations of Google SafeSearch, DNS-over-TLS (DoT), and DNS-over-HTTPS (DoH), which have been implemented in PDNS.

The Resolvers page has been updated with this information. To make modifications or add new configurations, please refer to the corresponding section.

Google SafeSearch

Google SafeSearch is a feature that allows filtering explicit content in Google search results. It can be configured in three modes:

Strict: Filters the maximum possible amount of explicit content.

Moderate: Filters some explicit content while allowing certain results.

Disabled: Does not apply any filtering to search results.

This configuration affects not only Google search but also other web services that use SafeSearch, such as YouTube, Bing, and DuckDuckGo, as well as some browsers with built-in parental controls.

DNS-over-TLS (DoT)

DNS-over-TLS (DoT) is a protocol that encrypts DNS queries to protect user privacy. It differs from traditional DNS in that:

It uses TCP port 853 instead of UDP 53.

Prevents third parties from monitoring DNS queries.

It can be enabled or disabled according to the provider’s policy.

While it enhances privacy, it can also make detecting security threats, such as attacks or malware infections, more difficult, as DNS traffic is encrypted.

DNS-over-HTTPS (DoH)

DNS-over-HTTPS (DoH) also encrypts DNS queries, but it does so through the HTTPS protocol, using port 443. This presents both advantages and disadvantages:

Advantages: Enhances privacy, prevents DNS query monitoring.

Disadvantages: It can facilitate data exfiltration between compromised devices and malicious servers, as the traffic is hidden within legitimate HTTPS connections.

Since some browsers offer it by default and some users request it, Planisys provides it as a configurable option.

Configuration and Modifications

To view or modify the resolver configuration, see the updated page at:

Resolvers

../_images/dnsotla-1.png

To enable or modify the configuration of DNS-over-TLS, DNS-over-HTTPS, or Google SafeSearch, access:

Advanced Configuration

../_images/dnsotls-2.png

In the following video, we can observe the previously mentioned options: