How DNS Over HTTPS (DoH) Will Boost Privacy Online
Companies like Microsoft, Google, and Mozilla are pushing forward with DNS over HTTPS (DoH). This technology will encrypt DNS lookups, improving online privacy and security. But it’s controversial: Comcast is lobbying against it. Here’s what you need to know.
What Is DNS Over HTTPS?
The web has been pushing towards encrypting everything by default. At this point, most of the websites you access are likely using HTTPS encryption. Modern web browsers like Chrome now mark any sites using standard HTTP as “not secure.” HTTP/3, the new version of the HTTP protocol, has encryption baked in.
This encryption ensures that no one can tamper with a web page while you’re viewing it or snoop on what you’re doing online. For example, if you connect to Wikipedia.org, the network operator—whether that’s a business’s public Wi-Fi hotspot or your ISP—can only see that you’re connected to wikipedia.org. They can’t see which article you’re reading, and they can’t modify a Wikipedia article in transit.
But, in the push towards encryption, DNS has been left behind. The domain name system makes it possible to connect to websites through their domain names rather than by using numerical IP addresses. You type a domain name like google.com, and your system will contact its configured DNS server to get the IP address associated with google.com. It will then connect to that IP address.
Until now, these DNS lookups haven’t been encrypted. When you connect to a website, your system fires off a request saying you’re looking for the IP address associated with that domain. Anyone in between—possibly your ISP, but perhaps also just a public Wi-Fi hotspot logging traffic—could log which domains you’re connecting to.
DNS over HTTPS closes this gap. With DNS over HTTPS, your system makes a secure, encrypted connection to your DNS server and transfers the request and response over that connection. Anyone in between won’t be able to see which domain names you’re looking up or tamper with the response.
Today, most people use the DNS servers provided by their internet service provider. However, there are many third-party DNS servers like Cloudflare’s 126.96.36.199, Google Public DNS, and OpenDNS. These third-party providers are among the first to enable server-side support for DNS over HTTPS. To use DNS over HTTPS, you’ll need both a DNS server and a client (like a web browser or operating system) that supports it.
Who Will Support It?
Google and Mozilla are already testing DNS over HTTPS in Google Chrome and Mozilla Firefox. On November 17, 2019, Microsoft announced it would be adopting DNS over HTTPS in the Windows networking stack. This will ensure every application on Windows will get the benefits of DNS over HTTPS without being explicitly coded to support it.
Google says it will enable DoH by default for 1% of users starting in Chrome 79, expected for release on December 10, 2019. When that version is released, you’ll also be able to go to chrome://flags/#dns-over-https to enable it.
Mozilla says it will enable DNS over HTTPS for everyone in 2019. In the current stable version of Firefox today, you can head to menu > Options > General, scroll down, and click “Settings” under Network Settings to find this option. Activate “Enable DNS over HTTPS.”
Apple hasn’t yet commented on plans for DNS over HTTPS, but we expect the company to follow and implement support in iOS and macOS along with the rest of the industry.
It’s not enabled by default for everyone yet, but DNS over HTTPS should make using the internet more private and secure once it’s finished.