A Survey and Evaluation Framework for Secure DNS Resolution

📅 2025-09-17
📈 Citations: 0
✨ Influential: 0
🤖 AI Summary
The original DNS design lacks inherent security and privacy guarantees; existing solutions are either impractical to deploy or provide only partial enhancements. Method: This paper systematically constructs a comprehensive threat model and attack taxonomy covering the entire DNS resolution process, proposes, for the first time, 14 core properties spanning security, privacy, and availability, and designs a multi-dimensional objective evaluation framework. It conducts stage-by-stage capability assessments of 12 mainstream secure DNS schemes (e.g., DoT, DoH, Oblivious DNS). Contribution/Results: No single scheme achieves end-to-end defense; instead, capabilities exhibit significant stage-wise complementarity. Empirical validation confirms that cross-stage combinatorial deployment synergistically enhances holistic protection. The study provides both theoretical foundations and practical guidelines for secure DNS protocol selection, integration, and standardization.

📝 Abstract
Since security was not among the original design goals of the Domain Name System (herein called Vanilla DNS), many secure DNS schemes have been proposed to enhance the security and privacy of the DNS resolution process. Some proposed schemes aim to replace the existing DNS infrastructure entirely, but none have succeeded in doing so. In parallel, numerous schemes focus on improving DNS security without modifying its fundamental two-stage structure. These efforts highlight the feasibility of addressing DNS security as two distinct but compatible stages. We survey DNS resolution process attacks and threats and develop a comprehensive threat model and attack taxonomy for their systematic categorization. This analysis results in the formulation of 14 desirable security, privacy, and availability properties to mitigate the identified threats. Using these properties, we develop an objective evaluation framework and apply it to comparatively analyze 12 secure DNS schemes surveyed in this work that aim to augment the properties of the DNS resolution process. Our evaluation reveals that no single scheme provides ideal protection across the entire resolution path. Instead, the schemes tend to address a subset of properties specific to individual stages. Since these schemes targeting different stages of DNS resolution are complementary and can operate together, combining compatible schemes offers a practical and effective approach to achieving comprehensive security in the DNS resolution process.
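The abstract's central claim, that schemes target one of the two resolution stages and that compatible schemes from different stages can be combined for fuller coverage, can be checked mechanically once schemes are expressed as sets of the properties they provide. The block below is an editor-added illustration of such an evaluation step, not code from the paper or its authors. The property labels, the assignment of each scheme to a stage, the "layer" rule used to decide which schemes can coexist, and the inclusion of ADoT and QNAME minimisation are all simplifying assumptions made for this example; the paper's own 14 properties and its assessment of 12 schemes are not reproduced here.

```python
"""Stage-wise coverage search over secure DNS schemes.

Editor-added example. Property names, stage assignments and the (stage, layer)
exclusion rule are assumptions for illustration, not the paper's definitions.
"""
from itertools import combinations

STUB = "stub->recursive"            # stage 1 of the resolution process
AUTH = "recursive->authoritative"   # stage 2 of the resolution process

# Assumed property catalogue (hypothetical labels; the paper defines 14).
ALL_PROPERTIES = {
    "query_confidentiality_s1", "channel_integrity_s1", "resolver_authentication",
    "client_ip_unlinkability",
    "query_confidentiality_s2", "channel_integrity_s2", "authoritative_authentication",
    "qname_minimisation",
    "data_origin_authentication", "data_integrity",
}

# scheme -> (stage, layer, properties provided).  Assumption for the example:
# two schemes sharing the same (stage, layer) are alternatives, not composable
# (you run DoT *or* DoH *or* ODoH between stub and recursive, not all three).
SCHEMES = {
    "DoT":       (STUB, "transport", {"query_confidentiality_s1", "channel_integrity_s1",
                                      "resolver_authentication"}),
    "DoH":       (STUB, "transport", {"query_confidentiality_s1", "channel_integrity_s1",
                                      "resolver_authentication"}),
    "ODoH":      (STUB, "transport", {"query_confidentiality_s1", "channel_integrity_s1",
                                      "resolver_authentication", "client_ip_unlinkability"}),
    "ADoT":      (AUTH, "transport", {"query_confidentiality_s2", "channel_integrity_s2",
                                      "authoritative_authentication"}),
    "QNAME-min": (AUTH, "policy",    {"qname_minimisation"}),
    "DNSSEC":    (AUTH, "data",      {"data_origin_authentication", "data_integrity"}),
}


def coverage(selection):
    """Union of the properties provided by the selected schemes."""
    props = set()
    for name in selection:
        props |= SCHEMES[name][2]
    return props


def missing(selection):
    """Properties of the catalogue that the selection leaves unaddressed."""
    return ALL_PROPERTIES - coverage(selection)


def compatible(selection):
    """True if no two selected schemes occupy the same (stage, layer) slot."""
    seen = set()
    for name in selection:
        slot = SCHEMES[name][:2]
        if slot in seen:
            return False
        seen.add(slot)
    return True


def stage_report(selection):
    """Properties gained per stage, to make stage-wise complementarity visible."""
    report = {STUB: set(), AUTH: set()}
    for name in selection:
        stage, _, props = SCHEMES[name]
        report[stage] |= props
    return report


def best_combinations(max_size):
    """Exhaustive search over compatible subsets of up to max_size schemes.

    Returns (number_of_properties_covered, [subsets reaching that number]).
    The catalogue is small, so brute force over combinations is fine here.
    """
    best_score, best = -1, []
    for k in range(1, max_size + 1):
        for combo in combinations(sorted(SCHEMES), k):
            if not compatible(combo):
                continue
            score = len(coverage(combo))
            if score > best_score:
                best_score, best = score, [combo]
            elif score == best_score:
                best.append(combo)
    return best_score, best


if __name__ == "__main__":
    for name in sorted(SCHEMES):
        print(f"{name:10s} alone leaves uncovered: {sorted(missing((name,)))}")
    for k in (1, 2, 3, 4):
        score, combos = best_combinations(k)
        print(f"best of {k}: {score}/{len(ALL_PROPERTIES)} properties via {combos}")
    print("per-stage view of DoT + DNSSEC:", stage_report(("DoT", "DNSSEC")))
```

Under these assumptions every single scheme leaves gaps, the best single scheme (ODoH) reaches 4 of 10 properties, and full coverage needs one stage-1 transport plus three non-conflicting stage-2 schemes. Swapping in the paper's real property matrix is a matter of replacing `ALL_PROPERTIES` and `SCHEMES`; the search logic stays the same.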
Problem

Research questions and friction points this paper is trying to address.

Evaluating secure DNS schemes for resolution process threats
Developing a comprehensive threat model and attack taxonomy
Assessing 12 schemes for complementary security properties
Innovation

Methods, ideas, or system contributions that make the work stand out.

Developed comprehensive threat model and attack taxonomy
Formulated 14 security privacy availability properties
Created evaluation framework for comparative scheme analysis
Ali Sadeghi Jahromi
Carleton University, Ottawa, Canada
AbdelRahman Abdou
Carleton University, Ottawa, Canada
Paul C. van Oorschot
Professor of Computer Science, Carleton University, Canada
Authentication, Applied cryptography, Information security, Computer security, Systems security