What Is DNS Over HTTPS (DoH)?

Last Updated: December 4, 2021

DNS is the Internet’s phonebook for converting domain names into IP addresses. It’s what allows you to type “google.com” in your browser and end up on the right web page, which could be hosted in a different country from where you are browsing.

In this article, we will explore DNS over HTTPS (DoH), an emerging technology that could change how you connect to websites and make your browsing more secure.

What Is DNS Over HTTPS?

The answer to that question may not be as simple as it sounds. To understand the concept, you first need to know what DNS and HTTPS are.

DNS

Domain Name System, or DNS, is a protocol that translates domain names to IP addresses on the Internet.

When you type a domain name into your browser, the Domain Name System (DNS) converts it to an IP address.

The DNS system allows you to connect to websites and other online services by remembering the domain names they use rather than their numerical internet protocol addresses.

HTTPS

HTTPS is a protocol for securing communications on the Internet. HTTPS was developed by Netscape and introduced in 1994 as an enhancement to HTTP (hypertext transfer protocol).

It provides end-to-end data encryption between your browser and the website, which means no one in between can read your personal information when you visit a site. The encrypted connection ensures that sensitive data like passwords and credit card numbers are secured.

Now that we all know what HTTPS does, let’s take a deeper look into why this is such an important thing.

DNS over HTTPS

DoH (DNS over HTTPS) is a protocol that allows for DNS requests to be sent through an encrypted connection, which makes it more secure and private.

With traditional DNS, your queries are sent over the Internet in plain text, which means anyone who can observe your traffic can see exactly which domain names you are looking up. This includes your internet service provider (ISP) and government agencies.

This information could be used to track individual browsing habits, hijack search results, redirect traffic to phishing sites, or even steal passwords.

DNS over HTTPS is a more secure alternative that encrypts all DNS requests sent between your device and the DNS resolver, thus protecting you from prying eyes.

With the DoH protocol in place, ISPs won’t be able to see which sites you are looking up from your DNS queries, nor will they be able to block access to specific websites by interfering with those queries.

Introduced in 2018, DoH is a growing protocol that more and more DNS resolvers are starting to use. If you’re looking for an extra layer of security when browsing the Internet, using DoH is a great way to do it.
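To make the protocol concrete, the following added example (not code from the original article) builds a DNS query in its binary wire format, wraps it in the GET form defined by RFC 8484, and decodes a response. It assumes the Quad9 endpoint quoted later on this page; the response is constructed locally so the code runs offline, and all function names are illustrative.

```python
import base64
import struct

DOH_ENDPOINT = "https://dns.quad9.net/dns-query"  # endpoint quoted on this page

def build_query(name, qtype=1):
    """Return a DNS query in wire format (RFC 1035); qtype 1 means A record."""
    # ID 0 (RFC 8484 recommends it so HTTP caches can reuse answers),
    # flags = recursion desired, one question, no other records.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_url(query, endpoint=DOH_ENDPOINT):
    """RFC 8484 GET form: base64url of the message with padding stripped."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={b64}"

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)  # pointer is 2 bytes, root label is 1

def parse_a_records(msg):
    """Return the IPv4 addresses found in the answer section of a message."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    addresses = []
    for _ in range(ancount):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addresses.append(".".join(str(b) for b in msg[pos:pos + 4]))
        pos += rdlen
    return addresses

def sample_response(query, ip="192.0.2.10"):
    """Constructed response (not real resolver output): question + one A record."""
    header = struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH4B", 1, 1, 300, 4, *map(int, ip.split(".")))
    return header + query[12:] + answer
```

A real client sends the URL from doh_get_url with the header "Accept: application/dns-message" over HTTPS, so an on-path observer sees only a TLS connection to the resolver.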

How Do I Enable DoH in My Browser?

Most popular browsers have DoH enabled by default, but you can check to make sure by following these steps.

Google Chrome

  1. Go to “Settings”
  2. And then “Privacy and Security”
  3. Under the “Privacy and Security” section, there will be “Security”
  4. Scroll down, and you will see “Use secure DNS”
  5. From there, select “With Custom” instead of “With your current service provider” since most ISPs’ resolvers are slow and sometimes down.
  6. Select your choice of DNS resolver: you can choose Cloudflare DNS, Google DNS, OpenDNS, or CleanBrowsing.

Mozilla Firefox

  1. Go to “Settings”
  2. In “General” scroll down until you find “Network Settings”
  3. Click “Settings”
  4. Scroll down and tick “Enable DNS over HTTPS”
  5. From there, you can choose Cloudflare DNS, NextDNS, or custom.

Microsoft Edge

  1. Go to “Settings”
  2. And then go to “Privacy, search, and services”
  3. Scroll down until you find “Use secure DNS to specify how to lookup the network address for websites”
  4. Enable it, and you can choose CleanBrowsing, OpenDNS, Cloudflare DNS, or Google DNS.

You can also enter custom providers inside the box on all browsers above, such as Quad9 (use https://dns.quad9.net/dns-query).

If your browser, such as Safari, doesn’t support DNS over HTTPS, you can install DNSCrypt on Windows, macOS, and Linux; however, there is no user interface.

As mentioned earlier, since DNSCrypt is not easy to install for casual users, it is better to use a browser that supports DoH instead.

Additionally, if you only want to use Cloudflare DNS, you can install their software (Windows, macOS, and Linux supported) or their application on your mobile device (App Store and Google Play).

You may choose Cloudflare as your DNS resolver as it is currently the fastest DNS resolver in the world. You can find out more about Cloudflare DNS resolver here.

On another note, Cloudflare also supports Malware Blocking Only or Malware and Adult Content Blocking on their DNS for families.

How Do I Know If It’s Working?

You can use the DNS leak test website to check. If it’s working, the website will show the name of the DNS resolver that you chose.

Benefits of Using DoH

Prevent “Man-in-the-Middle” Attacks

DNS over HTTPS is a new protocol that replaces the traditional DNS protocol with an encrypted and authenticated version. The result of this change is that your browsing will be safer and more private.

DoH uses HTTPS, which means all communication between your device and the DNS server is encrypted end-to-end. No third party can see which sites you are looking up, or tamper with the data being sent back and forth without detection by either side of the communication channel.

This prevents “man-in-the-middle” attacks that intercept and alter sensitive data sent between you and a website.

Enhance Privacy

By default, your browser sends information about the site to the DNS servers when you visit a website. Your ISP uses this information to determine which server to send you to.

With DNS over HTTPS, your browser will send the request for the website’s address directly to the DoH server rather than through your ISP. This means that your ISP will not have any information about the websites you are visiting and cannot sell this data to advertisers or other third parties.

FAQs About DNS Over HTTPS

What Is the Difference Between DNS Over TLS (DoT) And DNS Over HTTPS (DoH)?

DoT is similar to DoH in that it also uses the secure transport layer of TLS. This creates an encrypted connection between you and a DNS server.

However, DoH sends its encrypted requests over port 443 (the same port used by regular web traffic), while DoT only uses port 853.

From a privacy perspective, DoH is the better choice, since port 443 is usually left unblocked by network administrators, while DoT uses a non-standard port, making it less likely to be accessible on public networks or at workplaces.
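The port difference is also what a network administrator sees. The added example below (not from the original article) labels constructed flow records by the DNS transport they most likely carry: DoT is identifiable from port 853 alone, while DoH is only recognisable when the TLS server name matches a known resolver. The hostname list, log format and function names are assumptions made for illustration.

```python
from collections import defaultdict

# Hostnames of public DoH endpoints: an assumed, illustrative list.
# dns.quad9.net is the endpoint quoted on this page.
KNOWN_DOH_HOSTS = {"dns.quad9.net", "cloudflare-dns.com", "dns.google"}

# Constructed flow records: client, transport, destination port, TLS SNI
# ("-" when no server name was visible).
SAMPLE_FLOWS = """\
10.0.0.5 udp 53 -
10.0.0.5 tcp 443 www.example.com
10.0.0.7 tcp 853 dns.quad9.net
10.0.0.8 tcp 443 dns.quad9.net
10.0.0.8 tcp 443 intranet.example.org
10.0.0.9 tcp 443 -
"""

def classify(proto, port, sni):
    """Label one flow by the DNS transport it most likely carries."""
    if port == 53:
        return "plaintext-dns"
    if proto == "tcp" and port == 853:
        return "dot"  # the dedicated port alone identifies DoT
    if proto == "tcp" and port == 443:
        # DoH shares its port with all other HTTPS, so the port says nothing;
        # only the server name (when visible) separates it from web traffic.
        return "doh" if sni in KNOWN_DOH_HOSTS else "https-other"
    return "other"

def summarize(log_text):
    """Map each client to the sorted list of labels seen in its flows."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[2].isdigit():
            continue  # skip malformed records
        client, proto, port, sni = fields
        seen[client].add(classify(proto, int(port), sni))
    return {client: sorted(labels) for client, labels in seen.items()}
```

Client 10.0.0.9 shows the limit of this approach: with no visible server name, a DoH session is indistinguishable from any other HTTPS connection.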

How Many DNS Over HTTPS Providers Are There?

The most popular DNS over HTTPS provider is Cloudflare which has a global network of data centers that can provide high performance and reliability for your browsing.

However, if you want to use another provider, here are some lists of supported providers.

Should I Use DNS Over HTTPS or VPN?

VPNs are a more comprehensive solution that encrypts all traffic between your device and the VPN server. This means that not only are you protected while surfing, but also other activities such as streaming video or downloading files.

This makes it more difficult for someone to spy on or tamper with your data. Additionally, VPN hides your IP address, which can be used to track your location or activities.

If you are looking for extra security and privacy, using a VPN such as Private Internet Access is a better option. You may want to avoid free VPN services as they are often insecure and sell your data to third parties.

Conclusion

DNS over HTTPS is an encrypted, authenticated version of the traditional DNS protocol. This means that all data passing between you and the DNS server is fully encrypted end to end; your connection to a website will be secure and not susceptible to man-in-the-middle attacks or other types of eavesdropping.