How would you compare VPNs vs DoH vs DoT? Is one best? Should a combination be used?
I would compare DoH and DoT but they don’t serve the same purpose as a VPN. Ideally you’d want to use either DoH and a VPN or DoT and a VPN.
DoH and DoT serve the same purpose and aren’t combined (DoH is DNS over HTTP over TLS while DoT is DNS over TLS: combining the two would be redundant).
DoH and DoT provide transport-layer security between a client and a DNS server. If your VPN server is configured to route DNS traffic, you still need DoH or DoT for DNS traffic to be encrypted between the VPN server and the DNS server. (Bear in mind that while most VPN services route DNS traffic, some leave your local configuration intact and let it handle DNS requests.)
While similar, I’d recommend DoH over DoT because of the following: DoH uses port 443, like other HTTPS traffic, whereas DoT uses port 853. Consequently, DNS requests over DoT are much easier to detect (and block, as is sometimes done on enterprise networks), whereas DoH traffic is quite difficult to distinguish from other HTTPS packets.
Thank you, that almost sorta made sense to a layperson like myself lol. I do understand what to use and what not to use and what to pair together. That’s all I needed! Thanks a ton!