Why we use DNS over TLS (DoT)
Data protection is an essential part of our work. We regularly review and discuss our data protection measures and adapt them where necessary. One such adaptation is the implementation of DNS over TLS (DoT) in our infrastructure.
With DoT, requests from a client (for example a web browser) to a DNS server to resolve host names or IP addresses are encrypted. This prevents third parties from manipulating or spying on DNS queries. However, DoT secures only the transmission. It therefore remains crucial which DNS servers are used for the query and how these servers handle the data.
For our office infrastructure we use the publicly accessible DNS server of the Swiss association Digitale Gesellschaft. This non-profit association guarantees that no requests are logged and no blocking lists are maintained on its DNS servers. Digitale Gesellschaft periodically reports on its DNS servers in a transparency report.
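What the encrypted transport described above looks like on the wire, as an added example that is not part of the original post: a DNS query is given a two-byte length prefix and sent over a certificate-verified TLS connection to port 853 (RFC 7858). The resolver address and name are parameters the caller supplies (assumptions of this sketch); no particular resolver is hard-coded.

```python
import secrets
import socket
import ssl
import struct

DOT_PORT = 853  # port assigned to DNS over TLS (RFC 7858)

def build_query(hostname, qtype=1, query_id=None):
    """Encode a DNS question in wire format (qtype 1 = A record)."""
    if query_id is None:
        query_id = secrets.randbelow(1 << 16)
    # Header: ID, flags (recursion desired), 1 question, 0 other records.
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    labels = hostname.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    # The host name sits in these bytes unencrypted; only TLS hides it in transit.
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def frame(message):
    """DoT uses DNS-over-TCP framing: a 2-byte length precedes each message."""
    return struct.pack("!H", len(message)) + message

def recv_exact(sock, count):
    """Read exactly `count` bytes or fail if the peer closes early."""
    data = b""
    while len(data) < count:
        chunk = sock.recv(count - len(data))
        if not chunk:
            raise ConnectionError("resolver closed the connection early")
        data += chunk
    return data

def resolve_over_tls(hostname, resolver_ip, resolver_name, timeout=5.0):
    """Send one query over DoT and return the raw DNS response bytes.

    resolver_ip and resolver_name are supplied by the caller (assumed values).
    """
    # The default context verifies the certificate chain and the host name, so
    # an on-path party cannot impersonate the resolver. The resolver itself
    # still sees the query in clear once TLS terminates.
    context = ssl.create_default_context()
    with socket.create_connection((resolver_ip, DOT_PORT), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=resolver_name) as tls:
            tls.sendall(frame(build_query(hostname)))
            (length,) = struct.unpack("!H", recv_exact(tls, 2))
            return recv_exact(tls, length)

def rcode(response):
    """Response code from the DNS header (0 = NOERROR, 3 = NXDOMAIN)."""
    return struct.unpack("!H", response[2:4])[0] & 0x000F
```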