As security was not among the original DNS design goals, over ten secure-DNS schemes have been proposed to improve security and privacy during the name resolution process.One of the schemes is DNS-over-TLS (DoT), which relies on the Internet's PKI for establishing trust in recursive resolvers. The security research community has studied and improved security shortcomings in the web certificate ecosystem. DoT's certificates, on the other hand, have not been investigated comprehensively. This thesis analyzes the certificate ecosystem of DoT in comparison to HTTPS. The results are so far promising, as they show that DoT appears to have benefited from the PKI security advancements that were designed for HTTPS. The thesis then surveys secure-DNS schemes, and presents an evaluation framework to assess their security, availability, privacy, and anonymity benefits. Our evaluation illustrates that none of the DNS schemes secures the complete path of the domain name resolution. All rated schemes provide only partial security benefits in specific domain name resolution stages. The results shed light on the challenges of designing a comprehensive and widely-deployable secure-DNS scheme to secure the complete name resolution path.However, as some schemes can be combined, their resultant benefits can address individual shortcomings.