(February 6, 2020)
While both offer encryption of DNS data using the same TLS protocol, there are some very important differences:
– Protocol layering: while DoT is essentially DNS over TLS, DoH is in fact DNS over HTTP over TLS.
– Different port numbers: DoT traffic uses a dedicated port 853, and can thus be distinguished at the network layer. DoH uses port 443 (HTTPS) due to the protocol layering.
– Different capabilities: DoT is largely the same DNS as we know it, while DoH to an extent combines features of DNS and HTTP.