by Skunkleton 2939 days ago
Doesn't TCP, TLS, HTTP, and finally DNS seem like overkill? Why not DTLS + plain DNS requests?
1 comments

Standard HN response: Because my corporate firewall does not allow me to use UDP! Which is nowadays the excuse to use 80/443 for everything. Customers at home don't have this problem.

But there are alternatives: DNS over TLS (essentially the same without HTTP) and DNSCrypt, which uses UDP.

This is why I run an OpenVPN server on port 443 in TCP mode, not UDP, for places like shitty airport captive portal Wi-Fi.