
DNS over HTTPS

Fri, Apr 10, 20

DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution over HTTPS (RFC 8484). Its goal is to improve user privacy and security by encrypting the traffic between the DoH client and the DoH-based DNS resolver, which prevents on-path observers, such as an ISP or a hostile Wi-Fi network, from eavesdropping on DNS queries or manipulating the answers in a man-in-the-middle attack.

Encryption on the path by itself does not guarantee privacy: the DoH resolver still sees every query in the clear, so how much privacy you gain depends on who operates that resolver and what it logs, retains and shares. Moving from an ISP's resolver to a DoH resolver moves the trust, it does not remove it.

What is DNS: the Domain Name System

The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers and other clients communicate using Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

How can DNS be exploited?

A recursive resolver tells each DNS server it contacts which domain you are looking for, unless it uses QNAME minimisation (RFC 7816) to reveal only as much of the name as that server needs. The request sometimes includes your full IP address. When it does not, it increasingly often includes most of it: the EDNS Client Subnet option (RFC 7871) forwards a prefix of the client's address, typically a /24 for IPv4, which can easily be combined with other information to figure out your identity.
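The following added example (not code from the original post) shows exactly what an EDNS Client Subnet option carries on the wire, so you can see how much of a client's address reaches an authoritative server at different prefix lengths. The client addresses are constructed from documentation ranges.

```python
"""EDNS Client Subnet (RFC 7871) on the wire: what part of a client's address a
recursive resolver forwards to authoritative servers. Added example, not code
from the original post; the client addresses used are constructed."""
import ipaddress
import struct

OPTION_CODE_ECS = 8
RRTYPE_OPT = 41


def build_ecs_option(client_ip: str, source_prefix: int) -> bytes:
    """Encode one ECS option: FAMILY, SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH
    (0 in a query), then only ceil(source_prefix / 8) address bytes, with bits
    beyond the prefix cleared as RFC 7871 section 6 requires."""
    addr = ipaddress.ip_address(client_ip)
    family = 1 if addr.version == 4 else 2
    if not 0 <= source_prefix <= addr.max_prefixlen:
        raise ValueError("prefix length out of range")
    network = ipaddress.ip_network(f"{addr}/{source_prefix}", strict=False)
    nbytes = (source_prefix + 7) // 8
    truncated = network.network_address.packed[:nbytes]
    body = struct.pack("!HBB", family, source_prefix, 0) + truncated
    return struct.pack("!HH", OPTION_CODE_ECS, len(body)) + body


def parse_ecs_option(option: bytes) -> tuple:
    """Decode an ECS option into (network in CIDR form, source prefix, scope prefix).
    This is the authoritative server's view: it never sees the dropped bits."""
    code, length = struct.unpack("!HH", option[:4])
    if code != OPTION_CODE_ECS:
        raise ValueError("not an ECS option")
    family, source, scope = struct.unpack("!HBB", option[4:8])
    addr_bytes = option[8:4 + length]
    full_len = 4 if family == 1 else 16
    if len(addr_bytes) != (source + 7) // 8:
        raise ValueError("address length does not match prefix length")
    padded = addr_bytes + b"\x00" * (full_len - len(addr_bytes))
    return f"{ipaddress.ip_address(padded)}/{source}", source, scope


def build_opt_rr(options: bytes, udp_payload: int = 4096) -> bytes:
    """Wrap options in the OPT pseudo-RR that carries them: root name, TYPE 41,
    CLASS = advertised UDP payload size, the TTL field reused for extended
    RCODE/version/flags (all zero here), then RDLENGTH and the options."""
    return b"\x00" + struct.pack("!HHIH", RRTYPE_OPT, udp_payload, 0, len(options)) + options


def leaked_address(client_ip: str, source_prefix: int) -> str:
    """Round-trip through the wire encoding to show what the far end learns."""
    return parse_ecs_option(build_ecs_option(client_ip, source_prefix))[0]


if __name__ == "__main__":
    for ip, prefix in [("203.0.113.77", 24), ("203.0.113.77", 32), ("2001:db8::1", 56)]:
        opt = build_ecs_option(ip, prefix)
        print(f"{ip}/{prefix}: option bytes {opt.hex()} -> server sees {leaked_address(ip, prefix)}")
    print("OPT RR:", build_opt_rr(build_ecs_option("203.0.113.77", 24)).hex())
```

With the common /24, the option carries three of the four address bytes (`cb 00 71` for 203.0.113.x), so the authoritative server learns your network even though your host bits are dropped; a resolver configured to send /32 leaks the whole address. Whether a resolver adds ECS at all, and at what prefix length, is a property of the resolver, not of DoH, which is why the choice of resolver matters.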

How can this be fixed with a Trusted Recursive Resolver (TRR) and DNS over HTTPS (DoH)?

There are three threats here:

What are the Pros and Cons of DoH?

Pros

Cons

Browser support

Firefox and Chrome are still in the experimental phases of rolling out encrypted DNS, so most of your connections likely won't take advantage of it for now, and there are still ways to opt out of using it entirely. But as with the push to get websites to adopt HTTPS, encrypted DNS will likely move forward if Chrome and Firefox find that the change doesn't have too much of an impact on speed or reliability for users.
