DNS over TLS (DoT)

DoT Endpoints

Each DNS server has a DoT endpoint at dot.$location.pi-dns.com that supports encrypted DNS over TLS on port 853. All DoT endpoints are listed below.

West Europe

TLS Auth Name: dot.westeu.pi-dns.com
IPv6: 2a01:6f0:ffff:49::abcd
Port: 853

North Europe

TLS Auth Name: dot.northeu.pi-dns.com
IPv6: 2a01:4f9:c01f:4::abcd
Port: 853

West USA

TLS Auth Name: dot.westus.pi-dns.com
IPv6: 2a04:bdc7:100:70::abcd
Port: 853

East USA

TLS Auth Name: dot.eastus.pi-dns.com
IPv6: 2a0d:5600:33:3::abcd
Port: 853

Why DNS over TLS?

With conventional DNS over port 53, your DNS query is sent over an unencrypted connection even if you are visiting a site using HTTPS. That means that even if you are browsing https://pi-dns.com/, anyone listening to packets on the network knows you are attempting to visit pi-dns.com.

The second problem with unencrypted DNS is that it is easy for a man-in-the-middle to change DNS answers and route unsuspecting visitors to a phishing, malware or surveillance site. DNSSEC also addresses this problem by providing a mechanism to check the validity of a DNS answer, but only a single-digit percentage of domains use DNSSEC.

To make the internet safer and to increase the privacy for our users, pi-dns offers DNS resolution over a TLS-encrypted endpoint.

Questions? Help?

Do you have any questions? Is something not working as it should? Do you need help setting this up?

Contact us using our contact form here or, even better, join our Telegram chat group here.

I’m always glad if I can help or if I get notified when something’s wrong!