Hello? So I got this for Cloudflare.

Does that mean that I am routing my DNS queries to Cloudflare and they are being encrypted so that no one can see them?


It does, though keep in mind browsers still send the hostname of HTTPS connections in plaintext in the SSL handshake (SNI). Firefox introduced ESNI for this purpose, which is also supported by Cloudflare.

1 Like

Yes. Your phone sends DNS requests over HTTPS (Port 443) just like an encrypted web browser request.

DoT will also send encrypted DNS requests, but over Port 853 (instead of unencrypted Port 53), akin to how HTTPS over 443 is an encrypted version of HTTP over Port 80.


Thanks! Yeah don’t worry about sni I changed the Firefox options to ESNI as well.

closed #5

This topic was automatically closed after 30 days. New replies are no longer allowed.