DNS over HTTPS

DNS over HTTPS
Communication protocol
Purpose	encapsulate DNS in HTTPS for privacy and security
Introduction	October 2018; 6 years ago
OSI layer	Application layer
RFC(s)	8484

DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks^[1] by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver.^[2] By March 2018, Google and the Mozilla Foundation had started testing versions of DNS over HTTPS.^[3]^[4] In February 2020, Firefox switched to DNS over HTTPS by default for users in the United States.^[5] In May 2020, Chrome switched to DNS over HTTPS by default.^[6]

An alternative to DoH is the DNS over TLS (DoT) protocol, a similar standard for encrypting DNS queries, differing only in the methods used for encryption and delivery. Based on privacy and security, whether either protocol is superior is a matter of controversial debate, while others argue that the merits of either depend on the specific use case.^[7]

^ Chirgwin, Richard (14 Dec 2017). "IETF protects privacy and helps net neutrality with DNS over HTTPS". The Register. Archived from the original on 14 December 2017. Retrieved 2018-03-21.
^ "DNS over HTTPS · Cloudflare 1.1.1.1 docs". Cloudflare Docs. 2024-01-17. Retrieved 2024-02-21.
^ "DNS-over-HTTPS | Public DNS | Google Developers". Google Developers. Archived from the original on 2018-03-20. Retrieved 2018-03-21. – Google provides two endpoints: one for its 2018 JSON API, one for an RFC 8484 API.
^ Cimpanu, Catalin (2018-03-20). "Mozilla Is Testing "DNS over HTTPS" Support in Firefox". BleepingComputer. Archived from the original on 2018-03-20. Retrieved 2018-03-21.
^ ""A long-overdue technological shift toward online privacy": Firefox encrypts domain names. Google to follow". What's New in Publishing | Digital Publishing News. 2020-02-26. Archived from the original on 2020-02-26. Retrieved 2020-02-26.
^ "Google Makes DNS Over HTTPS Default in Chrome". Decipher. 2020-05-20. Retrieved 2024-03-29.
^ Claburn, Thomas (2020-05-20). "Google rolls out pro-privacy DNS-over-HTTPS support in Chrome 83... with a handy kill switch for corporate IT". The Register. Retrieved 2021-02-03.

[register-1] Chirgwin, Richard (14 Dec 2017). "IETF protects privacy and helps net neutrality with DNS over HTTPS". The Register. Archived from the original on 14 December 2017. Retrieved 2018-03-21.

[2] "DNS over HTTPS · Cloudflare 1.1.1.1 docs". Cloudflare Docs. 2024-01-17. Retrieved 2024-02-21.

[Google1-3] "DNS-over-HTTPS | Public DNS | Google Developers". Google Developers. Archived from the original on 2018-03-20. Retrieved 2018-03-21. – Google provides two endpoints: one for its 2018 JSON API, one for an RFC 8484 API.

[4] Cimpanu, Catalin (2018-03-20). "Mozilla Is Testing "DNS over HTTPS" Support in Firefox". BleepingComputer. Archived from the original on 2018-03-20. Retrieved 2018-03-21.

[5] ""A long-overdue technological shift toward online privacy": Firefox encrypts domain names. Google to follow". What's New in Publishing | Digital Publishing News. 2020-02-26. Archived from the original on 2020-02-26. Retrieved 2020-02-26.

[6] "Google Makes DNS Over HTTPS Default in Chrome". Decipher. 2020-05-20. Retrieved 2024-03-29.

[7] Claburn, Thomas (2020-05-20). "Google rolls out pro-privacy DNS-over-HTTPS support in Chrome 83... with a handy kill switch for corporate IT". The Register. Retrieved 2021-02-03.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

Internet security protocols
Key management
Kerberos RPKI PKIX Web of trust X.509 XKMS
Application layer
DKIM DMARC HTTPS PGP Sender ID SPF S/MIME SSH TLS/SSL
Domain Name System
DANE DNSSEC DNS over HTTPS DNS over TLS CAA
Internet Layer
IKE IPsec L2TP OpenVPN PPTP WireGuard
v t e

DNS over HTTPS

From Wikipedia, the free encyclopedia · View on Wikipedia