The DNS (Domain Name System) protocol was developed a long time ago and security was not part of the process. Nowadays, security is a major concern and developers are redesigning old protocols to add more security. For DNS, two different approaches are proposed: DNS over TLS (DoT) and DNS over HTTPS (DoH). Let's dig deeper into these two proposals...
The DNS protocol was designed in 1983, and security was not a consideration at that time. Thus, it was developed to send plaintext requests over TCP/UDP. However, in today's reality, security needs to be taken into account and implemented everywhere when feasible. DNS requests, which are used by everyone surfing the Internet, can be modified by malicious users through DNS hijacking or man-in-the-middle attacks, leading to sensitive data collection, website redirection...
To mitigate these issues, researchers proposed a solution: DNSSEC, a security protocol that protects against attacks by digitally signing DNS data to help ensure its validity. However, this solution was not fully satisfying, and other solutions have been developed: DNS over TLS and DNS over HTTPS.
Both standards mentioned above encrypt DNS requests but:
It is currently difficult to find a correct answer to this question, as each company or even each IT security professional will have their own opinion on this. Furthermore, these two protocols are still in the test phase. However, here are some facts we can already pinpoint:
Currently, we don't know which one will be implemented all over the world, but keep in mind that changes will happen at the DNS level in the next months.