[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["没有我需要的信息","missingTheInformationINeed","thumb-down"],["太复杂/步骤太多","tooComplicatedTooManySteps","thumb-down"],["内容需要更新","outOfDate","thumb-down"],["翻译问题","translationIssue","thumb-down"],["示例/代码问题","samplesCodeIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2024-09-03。"],[[["Google Public DNS offers DNS resolution over TLS to enhance privacy and security between clients and resolvers, protecting against eavesdropping and spoofing."],["DNS-over-TLS operates using strict or opportunistic privacy profiles, with strict requiring authenticated connections to a specific server and opportunistic allowing fallback to unencrypted DNS if TLS fails."],["Client systems using DNS-over-TLS establish a secure connection by verifying the server's identity through TLS certificates, ensuring data is exchanged over an encrypted channel."],["Google Public DNS supports standards such as TLS 1.3, TCP Fast Open, and DNS Transport over TCP to provide a high-quality and low-latency service."],["Users can configure DNS-over-TLS on devices running Android 9 or higher and also utilize it with the IPv6-only Google Public DNS64 service, though the latter is not recommended for mobile devices on multiple networks."]]],["DNS-over-TLS encrypts DNS queries and responses, enhancing privacy and security. It operates in two profiles: *strict* and *opportunistic*. Strict requires secure TLS connection verification on port 853, failing if validation fails. Opportunistic attempts secure connection on 853 but falls back to unsecured port 53 if it fails, without validating the server. Clients using strict profile resolve the server name, establish a TLS connection on port 853, and validate the server's certificate. Google Public DNS supports this method and follows related RFC specifications.\n"]]