dog supports the new DoT (DNS-over-TLS) transport system. Queries using DoT will be sent over port 853 by default.

The purpose of sending DNS queries through a TLS communications channel is to prevent eavesdropping or modification of the query or response as it travels across the public Internet.

To send queries over TLS, pass the -S or --tls command-line option.

dog example.com --tls @dns.google