Да, Google рекомендует использовать в качестве Authentication Domain Name (ADN) адрес dns.google. Он же прописан в их сертификате как «Common Name» (CN).
Но в этом же сертификате есть поле «Subject Alternative Name» (SAN), в котором есть адрес dns.google.com. Поэтому проблем с подключением по такому адресу быть не должно.
Mac-mini:~ rustrict$ echo | openssl s_client -connect dns.google.com:853 | openssl x509 -text | grep "DNS:"
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = dns.google
verify return:1
DONE
DNS:dns.google, DNS:*.dns.google.com, DNS:8888.google, DNS:dns.google.com, DNS:dns64.dns.google,
IP Address:2001:4860:4860:0:0:0:0:64, IP Address:2001:4860:4860:0:0:0:0:6464, IP Address:2001:4860:4860:0:0:0:0:8844,
IP Address:2001:4860:4860:0:0:0:0:8888, IP Address:8.8.4.4, IP Address:8.8.8.8
Ну и собственно пример запроса:
rustrict@debian:~$ kdig -d @dns.google.com +tls-ca +tls-host=dns.google.com keenetic.com
;; DEBUG: Querying for owner(keenetic.com.), class(1), type(1), server(dns.google.com), port(853), protocol(TCP)
;; DEBUG: TLS, imported 128 system certificates
;; DEBUG: TLS, received certificate hierarchy:
;; DEBUG: #1, C=US,ST=California,L=Mountain View,O=Google LLC,CN=dns.google
;; DEBUG: SHA-256 PIN: vEbqO29VPXOULHxmGJxvrlGDm1MJ4XJQ6MtmlpgvL40=
;; DEBUG: #2, C=US,O=Google Trust Services,CN=GTS CA 1O1
;; DEBUG: SHA-256 PIN: YZPgTZ+woNCCCIW3LH2CxQeLzB/1m42QcCTBSdgayjs=
;; DEBUG: TLS, skipping certificate PIN check
;; DEBUG: TLS, The certificate is trusted.
;; TLS session (TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 13351
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 512 B; ext-rcode: NOERROR
;; QUESTION SECTION:
;; keenetic.com. IN A
;; ANSWER SECTION:
keenetic.com. 3599 IN A 46.105.148.88
;; Received 57 B
;; Time 2019-09-01 18:49:02 MSK
;; From 2001:4860:4860::8888@853(TCP) in 58.0 ms