Android getting “DNS over TLS” support to stop ISPs from knowing what websites you visit

https://www.engadget.com/2017/10/23/google-android-dns-tls/

Google's efforts to push websites to use encrypted connections is paying off. Just days ago, the search giant revealed that HTTPS use on its own products is at 89 percent overall, up from just 50 percent at the beginning of 2014. (Not sure what we're blabbering on about? Just peep the green lock icon and the word "secure" in the address bar). Now, Google is adding an extra layer of security to Android. XDA Developers has spotted that DNS over TLS (Transport Layer Security) support is heading to the mobile OS, according to the Android Open Source Project -- meaning DNS queries will be encrypted to the same level as HTTPS.

The Domain Name System (DNS) -- often referred to as the internet's phone book -- translates domain names (like engadget.com) into machine-readable IP addresses. The process is hidden from users, but essentially applies to every website you visit. While TLS hides your DNS requests, it won't afford you full privacy (as your Internet Service Provider can still see the IP address you're communicating with). For that, you'll still need a VPN app. But, this is also about DNS robustness. TLS would make it harder for hackers to hijack a DNS to spy on users or, worse still, to direct them to fake sites and phishing pages.

Updates to the Android repository suggest you will be able to disable DNS over TLS, and that it may arrive on a future update.

会导致所有域名都解析不了

@learnshare 花薇 笑咪 带头表示, 不会跟风加入此功能, 会剔除此功能. 请大家放心

没太懂，是 http dns 的升级版么？ ssl 证书不是对域名的么，然后这个域名也得解析啊。。

@chairuosen 貌似是加密 DNS 请求了，只有 DNS 服务器才知道你请求的是哪个网站，ISP 无法知道。

这个和 DNSSEC 有区别吗？

你们哪来的自信能用的这个功能？

@yksoft1 DNSSEC 是看的 DS 记录 但查询过程不加密的吧 (应该
DNS over TLS 是全程加密

OpenWRT/LEDE 几时加入此功能咧？

DNS 还不是用的运营商的

我觉得到时运营商还是会把这个封了

掩耳盗铃。。因为 99.9%的人都只用运营商的 dns

有個卵用
什麽時候給 Android 加個自定義 DNS 功能 DNS Over TLS 才有用