Each DNS server has a DoT endpoint at dot.$location.pi-dns.com that supports encrypted DNS over TLS on port 853. All DoT endpoints are listed below.
TLS Auth Name: dot.westeu.pi-dns.com IPv4: 184.108.40.206 IPv6: 2a01:6f0:ffff:49::abcd Port: 853
TLS Auth Name: dot.northeu.pi-dns.com IPv4: 220.127.116.11 IPv6: 2a01:4f9:c01f:4::abcd Port: 853
TLS Auth Name: dot.westus.pi-dns.com IPv4: 18.104.22.168 IPv6: 2a04:bdc7:100:70::abcd Port: 853
TLS Auth Name: dot.eastus.pi-dns.com IPv4: 22.214.171.124 IPv6: 2a0d:5600:33:3::abcd Port: 853
With conventional DNS over port 53, your DNS query is sent over an unencrypted connection even if you are visiting a site using HTTPS. That means that even if you are browsing https://pi-dns.com/, anyone listening to packets on the network knows you are attempting to visit pi-dns.com.
The second problem with unencrypted DNS is that it is easy for a man-in-the-middle to change DNS answers and route unsuspecting visitors to a phishing, malware or surveillance site. DNSSEC also solves this problem by providing a mechanism to check the validity of a DNS answer, but only a single-digit percentage of domains use DNSSEC.
To make the internet safer and to increase privacy for our users, pi-dns offers DNS resolution over a TLS-encrypted endpoint.
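As an added example (not pi-dns's own code), this minimal Python client shows how the three values listed for each endpoint are used together: it connects to the IP on port 853, validates the certificate against the TLS auth name, and sends the query with the 2-byte length prefix that DNS over TLS inherits from DNS over TCP. The endpoint constants are the first entry in the list above; the function names are illustrative.

```python
import socket
import ssl
import struct

# Endpoint values taken from the list on this page.
AUTH_NAME = "dot.westeu.pi-dns.com"
SERVER_IP = "184.108.40.206"
PORT = 853


def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query (RD flag set, one question, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def frame(message):
    """Prefix the message with its length as a 2-byte big-endian integer."""
    return struct.pack("!H", len(message)) + message


def read_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def dot_query(name, ip=SERVER_IP, auth_name=AUTH_NAME, port=PORT, timeout=5):
    """Send one query over DoT, validating the certificate against auth_name."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        # Connect by IP, but check the certificate against the TLS auth name.
        with ctx.wrap_socket(raw, server_hostname=auth_name) as tls:
            tls.sendall(frame(build_query(name)))
            (length,) = struct.unpack("!H", read_exact(tls, 2))
            return read_exact(tls, length)


def rcode(response):
    """Return the RCODE (low 4 bits of the flags word) of a DNS response."""
    return struct.unpack("!H", response[2:4])[0] & 0x000F
```

If the certificate presented on port 853 does not match the auth name, `wrap_socket` raises `ssl.SSLCertVerificationError` during the handshake, before any query leaves the client.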