Encryption

When you visit a website, your device first sends a DNS query to translate the domain name (for example, example.com) into an IP address. Traditionally, these queries are sent in plaintext — unencrypted and readable by anyone on the network path.

Unencrypted DNS queries can be monitored, modified, or used for tracking by ISPs, network operators, or malicious actors.

To protect your DNS traffic, 1.1.1.1 supports three encryption standards:

• DNS over TLS (DoT) — Encrypts DNS queries over a dedicated TLS connection on port 853.
• DNS over HTTPS (DoH) — Encrypts DNS queries inside regular HTTPS traffic on port 443.
• Oblivious DNS over HTTPS (ODoH) — Adds a privacy layer to DoH so that no single entity can see both your identity and your query.

You can also configure your browser to secure your DNS queries.

To secure connections on your smartphone, refer to the 1.1.1.1 iOS or Android apps.