Why we use DNS over TLS (DoT)
Data protection is an essential part of our work. We regularly review and discuss our data protection measures and
adapt them where necessary. One such adaptation is the implementation of DNS over TLS (DoT) in our infrastructure.
With DoT, the requests that a client, e.g. a web browser, sends to a DNS server to resolve host names or IP addresses
are encrypted. This prevents third parties from manipulating or eavesdropping on DNS queries. However, DoT only secures
the transmission. It therefore still matters which DNS servers are used for the query and how these servers
handle the data.
For our office infrastructure we use the publicly accessible DNS server of the Swiss association
Digitale Gesellschaft. This non-profit association guarantees that
its DNS servers log no requests and maintain no blocking lists.
The "Digitale Gesellschaft" periodically publishes a
transparency report about its DNS servers.