Encrypting DNS end-to-end

Over the past few months, a pilot project was conducted with Facebook to test the feasibility of securing the connection between 1.1.1.1 and Facebook's authoritative name servers using TLS encryption. The results showed that while initial connection adds some latency, it is offset by many queries. The DNS latency between 1.1.1.1 and Facebook's authoritative name servers was found to be comparable with average UDP connections. For more detailed information on the pilot project, visit Code, Facebook's Engineering blog.