DNS-over-HTTPS (DoH) and DNSCrypt encrypt the DNS communication, thereby helping prevent attackers from observing what sites you visit or sending you to phishing websites.
- Authenticity: Verify that it is communicating with the intended DNS service provider and not a fake service provider that’s controlled by an attacker.
- Integrity: Verify that the response it got from the DNS service provider hasn’t been tampered with by attackers using the same network, thereby stopping phishing attacks.
- Confidentiality: Can talk to the DNS service provider over an encrypted channel which means that attackers can no longer rely on DNS to observe which websites other users are visiting when sharing the same connection, e.g. public WiFi in a library.