Google wants to make its Android operating system more secure for all users and it implemented DNS over TLS support in the latest Android P Developer Preview.
According to Google blog , Like HTTPS, DNS over TLS uses the TLS protocol to establish a secure channel to the server. Once the secure channel is established, DNS queries and responses can’t be read or modified by anyone else who might be monitoring the connection. (The secure channel only applies to DNS, so it can’t protect users from other kinds of security and privacy violations.)
How DNS over TLS Support works in Android P version.
The Android P Developer Preview includes built-in support for DNS over TLS. Google added a Private DNS mode to the Network & internet settings.
By default, devices automatically upgrade to DNS over TLS if a network’s DNS server supports it. But users who don’t want to use DNS over TLS can turn it off.
If you want to use private DNS provider then Users need to enter a hostname. Then all DNS queries send over a secure channel to this server or marks the network as “No internet access” if it can’t reach the server. (For testing purposes, see this community-maintained list of compatible servers.)
DNS over TLS mode automatically secures the DNS queries from all apps on the system. However, apps that perform their own DNS queries, instead of using the system’s APIs, must ensure that they do not send insecure DNS queries when the system has a secure connection. Apps can get this information using a new API: LinkProperties.isPrivateDnsActive().
Android security engineer said, with the Android P Developer Preview, we’re proud to present built-in support for DNS over TLS. In the future, we hope that all operating systems will include secure transports for DNS, to provide better protection and privacy for all users on every new connection.
Google Android P is expected to have final release on next Google I/O developer conference.