Private DNS is what Android calls DNS over TLS. It's basically normal DNS but with a TLS connection wrapped around it.
DoT is very easy to self-host if you already run something like a Pi-hole (using nginx to proxy a TCP stream + having it wrap a TLS connection around it) and can be exposed to the internet because it can work over TCP (thus reducing the DDoS risk factor significantly).
In Android there's a setting to enable it in the network settings. The default will be "off"; if you pick "on" you'll probably be using Google's DNS servers; if you pick "hostname" you can pick a different server.
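
The nginx setup described in the comment above, as an added example that is not part of the original thread: a `stream` block terminates TLS on port 853 and forwards the plain DNS-over-TCP stream to the resolver. The hostname `dot.example.net`, the certificate paths, the resolver address `127.0.0.1:53` and the connection limit are assumptions to replace with your own values.

```nginx
# Goes at the top level of nginx.conf (next to http {}, not inside it).
# Requires nginx built with the stream and stream SSL modules.
stream {
    # Assumed: the Pi-hole resolver accepts DNS over TCP on localhost:53.
    upstream dns_backend {
        server 127.0.0.1:53;
    }

    # Cap concurrent connections per client address so a single source
    # cannot exhaust the resolver (the value 20 is an assumption).
    limit_conn_zone $binary_remote_addr zone=dot_per_ip:10m;

    server {
        # 853/tcp is the standard DNS over TLS port.
        listen 853 ssl;
        listen [::]:853 ssl;

        # The certificate must be valid for the hostname entered in
        # Android's Private DNS setting (placeholder paths).
        ssl_certificate     /etc/ssl/dot.example.net/fullchain.pem;
        ssl_certificate_key /etc/ssl/dot.example.net/privkey.pem;
        ssl_protocols       TLSv1.2 TLSv1.3;

        limit_conn dot_per_ip 20;

        # Fail fast if the resolver is down and drop idle sessions.
        proxy_connect_timeout 2s;
        proxy_timeout         10s;

        # TLS is stripped here; the backend sees ordinary DNS over TCP.
        proxy_pass dns_backend;
    }
}
```

Because nginx terminates the connection, the resolver's query log shows nginx's address instead of the client's, so per-client Pi-hole statistics and rules no longer distinguish devices reached through this listener.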
tuananh|6 years ago
jeroenhd|6 years ago
k__|6 years ago
vezycash|6 years ago
Google support page explanation for private DNS doesn't explain anything. Just recommends leaving it on.