The Domain Name System (DNS) — often referred to as the Internet’s phone book — translates domain names (like privacyblog.com) into machine-readable IP addresses, such as: 220.127.116.11. The process is hidden from users, but essentially applies to every website you visit. While TLS hides your DNS requests, it won’t afford you full privacy (as your Internet Service Provider can still see the IP address you’re communicating with). For that, you’ll still need a VPN app.
Some low-brow advertisers read your DNS request and then direct you to fake sites and phishing pages.
Now Google is adding a better method of hiding DNS requests from your Internet Service Provider as well as from other spies. This new feature is named “DNS over TLS,” an experimental protocol currently receiving comments at the Internet Engineering Task Force (IETF), an Internet standards body.
As the protocol’s name alludes, DNS over TLS will encrypt DNS traffic, similarly to how HTTPS encrypts HTTP traffic.
You can read more in an article by Catalin Cimpanu in the BleepingComputer web site at: http://bit.ly/2y0XNOQ.