Date: 2023-03-02

DNS over HTTPS, or DoH for short, is a technology developed to improve the security and privacy of DNS resolution on the Internet.

DNS over HTTPS – explanation of the terms

What does DNS stand for?

DNS stands for Domain Name System and is a fundamental function of the Internet that allows users to find websites, email and other Internet services using easily understood domain names instead of IP addresses. Traditionally, DNS resolution is done over an unencrypted connection, which means someone close to your computer or with access to your network can intercept and view all traffic between you and the DNS server.

What’s the deal with the IP address?

IP addresses are something like the addresses of servers on the Internet. Every server that can be reached via the Internet must have its own unique IP address so that data packets can be sent there. The Internet protocols IPv4 and IPv6 are used for this. IPv4 is currently still the most widespread, but it is gradually being replaced or supplemented by the newer IPv6.

Difference between HTTP and HTTPS

The same problem used to affect data exchange between the browser and the website accessed. The HTTP protocol was used there, which, like DNS, is unencrypted. Nowadays, however, most websites are transmitted between web servers and browsers via the encrypted HTTPS protocol. With HTTP, for example, complete access data could be read in transit; with an encrypted connection via HTTPS this is (almost) no longer possible.

So DNS is insecure – hence DNS over HTTPS (DoH)

DNS over HTTPS (DoH) is a technology developed to close this gap for DNS as well, by creating a secure and encrypted connection between your computer and the DNS server, similar to browsing websites with HTTPS encryption. This prevents anyone from intercepting and viewing the content of the traffic between you and the DNS server.

In simple terms, DNS over HTTPS is a technology that protects your online privacy by encrypting your DNS requests so that nobody intercepting them can read which websites or services you visit.

Other advantages of DoH

In addition to the increased privacy achieved by DoH, there are other advantages:

Increased Security: Encrypting DNS traffic also prevents third parties from tampering with DNS queries and redirecting the user to malicious websites. This type of attack is often referred to as “DNS spoofing” and could be used to spread malware or launch a phishing attack.

Prevents DNS blocking: In some countries, Internet use is restricted by blocking certain DNS servers. DNS over HTTPS offers users the ability to bypass these blocks by accessing a DNS server provided by another source.

Improved Reliability: Unencrypted DNS servers can be affected by Distributed Denial of Service (DDoS) attacks, which can cause them to become unresponsive and disconnect the user from the Internet. DoH servers are typically less affected by such attacks, allowing them to provide more reliable DNS resolution.

Protection against DNS tampering: Because DoH encrypts DNS traffic, third parties cannot see information about the websites or services visited by a user. This protects the user from tampering with DNS responses by Internet Service Providers (ISP) or governments to restrict or block access to certain content.

Overall, DoH provides better privacy, security, and reliability in DNS resolution, and can help users to be more independent and secure online.

Disadvantages of DNS over HTTPS

In addition to the very good arguments in favor of DNS over HTTPS, there are also disadvantages. These may include the following points:

Delays: Because DNS traffic is now encrypted, you may experience delays in connecting. This means webpages may load slower than before, which may be an issue for some users.

Reduced control: Because DNS resolution is now performed by an encrypted DNS server, network administrators and parents may no longer have control over which websites can be accessed. You also no longer have the ability to monitor or filter DNS traffic to block inappropriate or harmful content.

DNS Server Dependency: Because DNS traffic is now routed through an external DNS server, users are dependent on the availability and reliability of the server. If the server goes down or isn’t responding, it can result in a loss of internet connection.

Potential Privacy Issues: While DNS over HTTPS improves the privacy and security of DNS resolution, the encrypted DNS requests can still be recorded and stored by the DNS server to which they are directed. If this server is controlled by a third party or shares data with third parties, it may cause potential privacy issues.

These disadvantages do not have to apply to every application. Before using DoH, you should know them and take them into account.

