Alibaba Cloud public DNS provides DNS resolution over TLS-encrypted TCP connections, as specified in RFC 7858. The service can be reached by either domain name or IP address. The process is as follows:

1. On the terminal device, configure the DNS over TLS (DoT) server as either dns.alidns.com or alidns_ip.

2. If dns.alidns.com is configured, the client first resolves dns.alidns.com to obtain the value of alidns_ip.

3. After the client obtains the IP address of the DNS server, the client establishes a TCP connection with port 853 on the DNS server.

4. After the Transport Layer Security (TLS) handshake is complete, the client establishes a TLS connection with the DNS server.

5. The client sends DNS queries to the DNS server by using this connection.

Notice: alidns_ip is the A record of dns.alidns.com and can be either of the following IP addresses: 223.5.5.5 or 223.6.6.6.
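Steps 3 to 5 above, written out as a minimal Python client. This is an added example, not Alibaba Cloud code: it connects to port 853, verifies the server certificate during the TLS handshake, and sends one length-prefixed query. It assumes the server's certificate is valid for dns.alidns.com when the connection is made by IP address; the function names and the sample response are constructed for illustration.

```python
import socket, ssl, struct
DOT_HOST, DOT_PORT = "dns.alidns.com", 853  # name from the page (assumed to match the cert); port from step 3

def build_query(name, txid=0x1234, qtype=1):
    """DNS query: header (RD set, one question) + QNAME + QTYPE + class IN."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def frame(msg):
    """RFC 7858 reuses DNS-over-TCP framing: a 2-byte length before each message."""
    return struct.pack("!H", len(msg)) + msg

def skip_name(msg, off):
    """Offset just past a name; a compression pointer (top bits 11) ends it."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a_records(msg, txid):
    """Validate ID, QR bit and RCODE, then return the IPv4 addresses in the answers."""
    rid, flags, qd, an = struct.unpack_from("!HHHH", msg)
    if rid != txid or not flags & 0x8000 or flags & 0x000F:
        raise ValueError("ID mismatch, not a response, or non-zero RCODE")
    off, addrs = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS follow each question name
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return addrs

def dot_query(name, server_ip="223.5.5.5", txid=0x1234):
    """Steps 3-5: TCP to port 853, verified TLS handshake, one framed query."""
    ctx = ssl.create_default_context()         # verifies the chain and the hostname
    with socket.create_connection((server_ip, DOT_PORT), timeout=5) as tcp:
        with ctx.wrap_socket(tcp, server_hostname=DOT_HOST) as tls:
            tls.sendall(frame(build_query(name, txid)))
            rf = tls.makefile("rb")
            (length,) = struct.unpack("!H", rf.read(2))
            return parse_a_records(rf.read(length), txid)

# Constructed sample response (not captured traffic): example.com A 192.0.2.1, TTL 60
_q = build_query("example.com")
SAMPLE_RESPONSE = (_q[:2] + b"\x81\x80\x00\x01\x00\x01" + _q[8:]
                   + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\xc0\x00\x02\x01")
```

`parse_a_records(SAMPLE_RESPONSE, 0x1234)` exercises the parser offline; `dot_query("example.com")` performs the live exchange and fails the handshake if the certificate does not verify for the configured name.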

If you use an Android mobile phone, you can set the domain name and IP address of Alibaba Cloud public DNS in the phone's settings to use DoT-based secure transmission.

Note: The preceding figure shows DoT network settings on a Huawei mobile phone.