dog supports the new DoT (DNS-over-TLS) transport system. Queries using DoT will be sent over port 853 by default.
The purpose of sending DNS queries through a TLS communications channel is to prevent eavesdropping or modification of the query or response as it travels across the public Internet.
To send queries over TLS, pass the
--tls command-line option.
dog example.com --tls @dns.google