What is DNS over HTTPS (DoH)?

DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. In simpler terms, it encrypts DNS queries, which are traditionally sent in plain text, by wrapping them in HTTPS. This enhances privacy and security between the client and the DNS resolver.

Traditional DNS queries are vulnerable to eavesdropping and manipulation. Because they are unencrypted, anyone monitoring network traffic can see the websites a user is visiting. This information can be used for tracking, censorship, or even malicious purposes such as DNS spoofing. DoH mitigates these risks by encrypting the DNS queries, making it much harder for third parties to snoop on or alter DNS traffic.

When a user types a website address into their browser, the browser needs to translate that address into an IP address. With DoH, instead of sending an unencrypted DNS query to a DNS server, the browser sends an encrypted HTTPS request to a DoH-compatible server. This server then resolves the domain name and returns the IP address to the browser, all over a secure connection.
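To make the exchange above concrete, here is an added example (not code from the original page) that builds a standard wire-format DNS query, wraps it the way a DoH client does (RFC 8484: a GET with the query base64url-encoded in the `dns` parameter, or a POST with an `application/dns-message` body), and then parses the `application/dns-message` response a DoH resolver would return. The resolver URL and the response bytes are constructed for the example; nothing is sent over the network.

```python
"""DoH (RFC 8484) client-side message handling, using only the standard library.

The only thing DoH changes is the transport: the same DNS wire format that
normally travels unencrypted over port 53 is carried inside an HTTPS request
and response, so an on-path observer sees only TLS traffic to the resolver.
"""
from __future__ import annotations

import base64
import struct

# Hypothetical resolver endpoint, used only to show the URL shape.
RESOLVER_URL = "https://doh.example.invalid/dns-query"


def build_dns_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Encode one DNS question (default: type A) in RFC 1035 wire format.
    RFC 8484 recommends transaction ID 0 so identical queries are cacheable."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS IN


def build_doh_get_url(resolver_url: str, query: bytes) -> str:
    """DoH GET form: base64url without padding in the 'dns' query parameter."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={encoded}"


def build_doh_post(resolver_url: str, query: bytes) -> dict:
    """DoH POST form: raw wire-format query as the request body."""
    return {
        "method": "POST",
        "url": resolver_url,
        "headers": {
            "Content-Type": "application/dns-message",
            "Accept": "application/dns-message",
        },
        "body": query,
    }


def _read_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Decode a (possibly compressed) domain name; return (name, next offset)."""
    labels, end, jumped = [], offset, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        if length == 0:
            if not jumped:
                end = offset + 1
            return ".".join(labels), end
        offset += 1
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_dns_response(msg: bytes) -> list[str]:
    """Return the IPv4 addresses from the answer section of a DNS response."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a DNS response")
    if flags & 0x000F:
        raise ValueError(f"resolver returned RCODE {flags & 0x000F}")
    offset = 12
    for _ in range(qd):                      # skip the echoed question(s)
        _, offset = _read_name(msg, offset)
        offset += 4
    addresses = []
    for _ in range(an):
        _, offset = _read_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:         # A record
            addresses.append(".".join(str(b) for b in rdata))
    return addresses


# Constructed sample exchange: the query for example.com and the resolver's
# reply, answering with the documentation address 192.0.2.1 (RFC 5737).
SAMPLE_QUERY = build_dns_query("example.com")
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)  # response, RD, RA, 1 answer
    + SAMPLE_QUERY[12:]                             # question section echoed back
    + b"\xC0\x0C"                                   # name: pointer to offset 12
    + struct.pack("!HHIH", 1, 1, 300, 4)            # A, IN, TTL 300, 4 bytes
    + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    print("GET :", build_doh_get_url(RESOLVER_URL, SAMPLE_QUERY))
    print("POST:", build_doh_post(RESOLVER_URL, SAMPLE_QUERY)["headers"])
    print("A   :", parse_dns_response(SAMPLE_RESPONSE))
```

Two points worth noticing: the DNS bytes themselves are unchanged, so anything that could be done with plain DNS data (logging, filtering) can still be done by whoever terminates the HTTPS connection, which is the resolver; and because the query is now indistinguishable from ordinary web traffic to that host, devices in between cannot inspect or rewrite it, which is exactly the property the page describes.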

The adoption of DoH has sparked debate. Proponents argue it’s a crucial step for online privacy and security, especially in environments where network surveillance is common.

Opponents, however, raise concerns about centralization, as users might default to a small number of large DoH providers, potentially giving these providers a significant amount of user data. Additionally, some network administrators worry that DoH can bypass network-level security controls and monitoring.

What is DNS over TLS (DoT)?