DNS over HTTPS definition
DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) queries over an encrypted HTTPS connection. By encrypting DNS requests, DoH enhances user privacy by making these requests unreadable to third parties on the network path. It resolves names the same way traditional DNS does, but reduces the information exposed during lookups while ensuring secure communication. Major web browsers such as Microsoft Edge, Mozilla Firefox, and Google Chrome support DoH to improve data security and privacy for users.
See also: DNS server, DNS proxy, DNS cache, DNS filtering, DNS flushing, DNS hijacking, DNS port, DNS query, DNS record, DNS redirection, DNS resolution, DNS sinkhole
How does DoH work?
DNS over HTTPS (DoH) works by sending DNS queries and responses over an encrypted HTTPS connection, providing enhanced security and privacy. Here’s how it operates:
- DNS query initiation: When a user tries to access a website, their device generates a DNS query to resolve the domain name.
- HTTP request creation: Instead of sending the DNS query through traditional DNS protocols, the query is packaged as an HTTP request.
- Encrypted transmission: This HTTP request is then sent to a DoH-compatible DNS resolver over an encrypted HTTPS connection, ensuring that the query remains private and secure during transmission.
- Resolver processing: The DoH resolver receives the encrypted request, decrypts it, and processes the query to retrieve the corresponding IP address for the requested domain.
- Response delivery: The resolver sends the IP address back to the user’s device, also through an encrypted HTTPS connection. This response is then decrypted by the device, allowing the user to connect to the desired website.
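The five steps above map onto a small amount of code. The following is an added example, not code from the original page: a minimal DoH client that builds a wire-format DNS query (step 1), wraps it as an RFC 8484 HTTP request in both the GET and POST forms (steps 2 and 3), and decodes the DNS message a resolver returns (step 5). The resolver URL `https://dns.example/dns-query` is a placeholder, and `SAMPLE_RESPONSE` is a hand-built response (answering with a documentation-range address) so the parsing runs offline; `doh_post` is the only function that needs a network.

```python
import base64
import struct
import urllib.request

DOH_MEDIA_TYPE = "application/dns-message"      # RFC 8484 media type
RESOLVER_URL = "https://dns.example/dns-query"  # placeholder resolver URL (assumption)


def encode_name(name: str) -> bytes:
    """Encode a dotted hostname as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_dns_query(name: str, qtype: int = 1, qclass: int = 1) -> bytes:
    """Step 1: the DNS query. ID 0 and RD set (RFC 8484 suggests ID 0 for DoH)."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)


def doh_get_url(resolver_url: str, query: bytes) -> str:
    """Step 2 (GET form): base64url-encode the message, no '=' padding, as dns=."""
    param = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={param}"


def decode_get_param(param: str) -> bytes:
    """Resolver-side inverse of doh_get_url: restore padding and decode."""
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))


def doh_post(resolver_url: str, query: bytes, timeout: float = 5.0) -> bytes:
    """Steps 2-3 (POST form): send the wire-format message over HTTPS (needs network)."""
    req = urllib.request.Request(
        resolver_url, data=query, method="POST",
        headers={"Content-Type": DOH_MEDIA_TYPE, "Accept": DOH_MEDIA_TYPE},
    )
    # urlopen validates the resolver's certificate against the system trust store by default
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        ctype = resp.headers.get("Content-Type", "").split(";")[0].strip()
        if ctype != DOH_MEDIA_TYPE:
            raise ValueError(f"unexpected Content-Type {ctype!r}")
        return resp.read()


def decode_name(msg: bytes, offset: int) -> tuple:
    """Read a possibly compressed name; return (name, offset just past it in the stream)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, hops = True, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_dns_response(msg: bytes) -> dict:
    """Step 5: decode the answer the resolver returned (A and CNAME rendered, others hex)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    msg_id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = decode_name(msg, offset)
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, qtype))
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if rtype == 1 and rdlen == 4:                  # A record
            data = ".".join(str(b) for b in rdata)
        elif rtype == 5:                               # CNAME
            data, _ = decode_name(msg, offset)
        else:
            data = rdata.hex()
        offset += rdlen
        answers.append({"name": name, "type": rtype, "ttl": ttl, "data": data})
    return {"id": msg_id, "rcode": flags & 0x000F, "questions": questions, "answers": answers}


# Constructed sample: what a resolver would return for an A query on example.com,
# pointing at 203.0.113.10 (a documentation address, not the real one).
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)          # QR, RD, RA; 1 question, 1 answer
    + encode_name("example.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4)    # name pointer to offset 12
    + bytes([203, 0, 113, 10])
)

if __name__ == "__main__":
    q = build_dns_query("example.com")
    print("GET form:", doh_get_url(RESOLVER_URL, q))
    print("parsed  :", parse_dns_response(SAMPLE_RESPONSE))
```

Two details worth noticing: the DNS message inside the HTTPS body is the same bytes that would go over port 53, so a resolver needs no new lookup logic, only an HTTP front end; and the confidentiality the page describes comes entirely from the TLS layer that `urlopen` negotiates, which is also why the client must check the resolver's certificate rather than accept any endpoint answering on the URL.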
What are the benefits of DoH?
- Hiding online activity. Whenever a user enters a domain name into a browser, the browser makes a DNS query to translate that name into an IP address. With DoH, that query goes to a secure DNS service over an encrypted connection, so observers on the network cannot read which domains are being looked up.
- Preventing DNS spoofing and man-in-the-middle attacks. If a browser and DNS server are in an encrypted session, then a malicious third party cannot manipulate the request results and direct the user to a fake website.
- Improving data security and privacy. Correctly deployed, DoH increases data privacy and security across your organization.
- Testing. You can test in advance how DoH interacts with your networks and fix any problems before it becomes the standard resolution method.
Limitations
- Admins unfamiliar with DoH or comparable protocols can trigger false security alerts and block legitimate queries.
- If the DNS traffic filtering solution does not function as expected with DoH or cannot interact with it, filtering of DoH traffic is completely ineffective.
- Because it encrypts DNS traffic, DoH circumvents any DNS filtering your network uses to provide security and network visibility.