Alibaba Cloud public DNS provides fast, stable, and secure DNS resolution for Internet users. Traditional DNS queries and responses are transmitted in plaintext over UDP or TCP, which poses the following risks:

  • Network eavesdropping: DNS queries and responses are not encrypted in transit, even when you access a website over HTTPS.
  • DNS hijacking: Traditional DNS responses may be tampered with, so that requests are routed to phishing websites or malicious websites.
  • Interference from intermediate devices: This includes interception or tampering by firewalls, filtering of domain names, and IP fragmentation.

To address these risks, Alibaba Cloud public DNS provides secure DNS transmission services that comply with DNS over HTTPS (DoH), as specified in RFC 8484, and DNS over TLS (DoT), as specified in RFC 7858. It also provides HTTP- and HTTPS-based JSON APIs for DoH. The secure DNS transmission services apply to mobile applications, browsers, operating systems, Internet of Things (IoT) devices, gateways, and routers. These services encrypt DNS queries during transmission, which improves the security, resolution stability, and privacy protection of your Internet access.

In addition, the secure DNS transmission services use TCP or HTTP connections between clients and DNS servers. This allows Alibaba Cloud public DNS to perform accurate location-based DNS resolution and traffic scheduling. Because of the end-to-end connection between the client and the DNS server, dynamic DNS changes can also take effect in seconds.

Note: Alibaba Cloud public DNS supports TLS 1.2 and TLS 1.3 for the DoH and DoT transmission services.
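The following Python example is added here and is not Alibaba Cloud's code: it shows how a single DNS query is wrapped for DoH (the RFC 8484 GET form) and for DoT (the RFC 7858 length-prefixed framing), and builds a client TLS context that refuses anything below TLS 1.2. The endpoint `https://doh.example/dns-query` is a placeholder rather than the service's address, and all function names are chosen for illustration.

```python
import base64
import ssl
import struct


def build_query(name: str, qtype: int = 1) -> bytes:
    """Encode a single-question DNS query in RFC 1035 wire format."""
    # ID 0 (RFC 8484 recommends 0 so HTTP caches can reuse responses),
    # flags 0x0100 = recursion desired, one question, no other records.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN


def doh_get_url(endpoint: str, query: bytes) -> str:
    """RFC 8484 GET: the DNS message is base64url-encoded, padding removed."""
    dns_param = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={dns_param}"


def dot_frame(query: bytes) -> bytes:
    """RFC 7858 reuses DNS-over-TCP framing: 2-byte big-endian length prefix."""
    return struct.pack("!H", len(query)) + query


def client_tls_context() -> ssl.SSLContext:
    """Context that verifies the server certificate and requires TLS >= 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


# Constructed sample input: an A query for www.example.com, the same query
# used in the GET example of RFC 8484.
QUERY = build_query("www.example.com")
DOH_URL = doh_get_url("https://doh.example/dns-query", QUERY)  # placeholder host
DOT_BYTES = dot_frame(QUERY)

if __name__ == "__main__":
    print("DoH GET:", DOH_URL)
    print("DoT frame:", DOT_BYTES.hex())
    print("Minimum TLS:", client_tls_context().minimum_version.name)
```

Only the query name, type, and class travel inside the encrypted channel; the server name used for the TLS handshake itself is still visible to on-path observers unless it is protected separately.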