DNS over HTTPS

DNS over HTTPS
Communication protocol
Purpose	encapsulate DNS in HTTPS for privacy and security
Introduction	October 2018
OSI layer	Application layer
RFC(s)	RFC 8484

DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks^[1] by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver.^[2] By March 2018, Google and the Mozilla Foundation had started testing versions of DNS over HTTPS.^[3]^[4] In February 2020, Firefox switched to DNS over HTTPS by default for users in the United States.^[5] In May 2020, Chrome switched to DNS over HTTPS by default.^[6]

An alternative to DoH is the DNS over TLS (DoT) protocol, a similar standard for encrypting DNS queries, differing only in the methods used for encryption and delivery. Based on privacy and security, whether either protocol is superior is a matter of controversial debate, while others argue that the merits of either depend on the specific use case.^[7]

^ Chirgwin, Richard (14 Dec 2017). "IETF protects privacy and helps net neutrality with DNS over HTTPS". The Register. Archived from the original on 14 December 2017. Retrieved 2018-03-21.
^ "DNS over HTTPS · Cloudflare 1.1.1.1 docs". Cloudflare Docs. 2024-01-17. Retrieved 2024-02-21.
^ "DNS-over-HTTPS | Public DNS | Google Developers". Google Developers. Archived from the original on 2018-03-20. Retrieved 2018-03-21. – Google provides two endpoints: one for its 2018 JSON API, one for an RFC 8484 API.
^ Cimpanu, Catalin (2018-03-20). "Mozilla Is Testing "DNS over HTTPS" Support in Firefox". BleepingComputer. Archived from the original on 2018-03-20. Retrieved 2018-03-21.
^ ""A long-overdue technological shift toward online privacy": Firefox encrypts domain names. Google to follow". What's New in Publishing | Digital Publishing News. 2020-02-26. Archived from the original on 2020-02-26. Retrieved 2020-02-26.
^ "Google Makes DNS Over HTTPS Default in Chrome". Decipher. 2020-05-20. Retrieved 2024-03-29.
^ Claburn, Thomas (2020-05-20). "Google rolls out pro-privacy DNS-over-HTTPS support in Chrome 83... with a handy kill switch for corporate IT". The Register. Retrieved 2021-02-03.

[register-1] Chirgwin, Richard (14 Dec 2017). "IETF protects privacy and helps net neutrality with DNS over HTTPS". The Register. Archived from the original on 14 December 2017. Retrieved 2018-03-21.

[2] "DNS over HTTPS · Cloudflare 1.1.1.1 docs". Cloudflare Docs. 2024-01-17. Retrieved 2024-02-21.

[Google1-3] "DNS-over-HTTPS | Public DNS | Google Developers". Google Developers. Archived from the original on 2018-03-20. Retrieved 2018-03-21. – Google provides two endpoints: one for its 2018 JSON API, one for an RFC 8484 API.

[4] Cimpanu, Catalin (2018-03-20). "Mozilla Is Testing "DNS over HTTPS" Support in Firefox". BleepingComputer. Archived from the original on 2018-03-20. Retrieved 2018-03-21.

[5] ""A long-overdue technological shift toward online privacy": Firefox encrypts domain names. Google to follow". What's New in Publishing | Digital Publishing News. 2020-02-26. Archived from the original on 2020-02-26. Retrieved 2020-02-26.

[6] "Google Makes DNS Over HTTPS Default in Chrome". Decipher. 2020-05-20. Retrieved 2024-03-29.

[7] Claburn, Thomas (2020-05-20). "Google rolls out pro-privacy DNS-over-HTTPS support in Chrome 83... with a handy kill switch for corporate IT". The Register. Retrieved 2021-02-03.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

Internet security protocols
Key management
Kerberos RPKI PKIX Web of trust X.509 XKMS
Application layer
DKIM DMARC HTTPS PGP Sender ID SPF S/MIME SSH TLS/SSL
Domain Name System
DANE DNSSEC DNS over HTTPS DNS over TLS CAA
Internet Layer
IKE IPsec L2TP OpenVPN PPTP WireGuard
v t e

DNS over HTTPS

From Wikipedia, the free encyclopedia · View on Wikipedia