diff --git a/core/java/android/provider/Settings.java b/core/java/android/provider/Settings.java
index c3b84b7be753c..74bb618976b75 100755
--- a/core/java/android/provider/Settings.java
+++ b/core/java/android/provider/Settings.java
@@ -9016,6 +9016,13 @@ public final class Settings {
*/
public static final String DEFAULT_DNS_SERVER = "default_dns_server";
+ /**
+ * Whether to disable DNS over TLS (boolean)
+ *
+ * @hide
+ */
+ public static final String DNS_TLS_DISABLED = "dns_tls_disabled";
+
/** {@hide} */
public static final String
BLUETOOTH_HEADSET_PRIORITY_PREFIX = "bluetooth_headset_priority_";
diff --git a/core/tests/coretests/src/android/provider/SettingsBackupTest.java b/core/tests/coretests/src/android/provider/SettingsBackupTest.java
index d875ed4e5ec55..1a0c7df2d428b 100644
--- a/core/tests/coretests/src/android/provider/SettingsBackupTest.java
+++ b/core/tests/coretests/src/android/provider/SettingsBackupTest.java
@@ -17,9 +17,11 @@
package android.provider;
import static com.google.android.collect.Sets.newHashSet;
+
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.empty;
import static org.hamcrest.Matchers.is;
+
import static java.lang.reflect.Modifier.isFinal;
import static java.lang.reflect.Modifier.isPublic;
import static java.lang.reflect.Modifier.isStatic;
@@ -28,14 +30,15 @@ import android.platform.test.annotations.Presubmit;
import android.support.test.filters.SmallTest;
import android.support.test.runner.AndroidJUnit4;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
import java.lang.reflect.Field;
import java.util.HashSet;
import java.util.Set;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
/** Tests that ensure appropriate settings are backed up. */
+@Presubmit
@RunWith(AndroidJUnit4.class)
@SmallTest
public class SettingsBackupTest {
@@ -175,6 +178,7 @@ public class SettingsBackupTest {
Settings.Global.DNS_RESOLVER_MIN_SAMPLES,
Settings.Global.DNS_RESOLVER_SAMPLE_VALIDITY_SECONDS,
Settings.Global.DNS_RESOLVER_SUCCESS_THRESHOLD_PERCENT,
+ Settings.Global.DNS_TLS_DISABLED,
Settings.Global.DOCK_SOUNDS_ENABLED_WHEN_ACCESSIBILITY,
Settings.Global.DOWNLOAD_MAX_BYTES_OVER_MOBILE,
Settings.Global.DOWNLOAD_RECOMMENDED_MAX_BYTES_OVER_MOBILE,
diff --git a/packages/SettingsLib/res/values/strings.xml b/packages/SettingsLib/res/values/strings.xml
index 8f7a3dd0f2c75..04a61d3e3a2ac 100644
--- a/packages/SettingsLib/res/values/strings.xml
+++ b/packages/SettingsLib/res/values/strings.xml
@@ -473,6 +473,12 @@
Streaming: %1$s
+
+ DNS over TLS
+
+ If enabled, attempt DNS over TLS on port 853.
+
Show options for wireless display certification
diff --git a/services/core/java/com/android/server/NetworkManagementService.java b/services/core/java/com/android/server/NetworkManagementService.java
index 355e94956e6e3..b1d6f7353bdb4 100644
--- a/services/core/java/com/android/server/NetworkManagementService.java
+++ b/services/core/java/com/android/server/NetworkManagementService.java
@@ -1980,7 +1980,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub
final String[] domainStrs = domains == null ? new String[0] : domains.split(" ");
final int[] params = { sampleValidity, successThreshold, minSamples, maxSamples };
- final boolean useTls = false;
+ final boolean useTls = Settings.Global.getInt(resolver,
+ Settings.Global.DNS_TLS_DISABLED, 0) == 0;
final String tlsHostname = "";
final String[] tlsFingerprints = new String[0];
try {