DNS-over-TLS for (local domains) allows for more secure DNS without the need for a VPN on roaming users.