DNS-over-HTTPS is a relatively new technology that aims to keep your browsing private. There are good and bad things about it, and whether you should use it depends on your personal preferences.
But before we dive into the intricacies of the technology, we first need to establish: what is DNS-over-HTTPS, and how can it help (or hinder you) in the long run? Let’s find out.
What is DNS over HTTPS?
As you can see by the name, DNS-over-HTTPS is a combination of two existing technologies. The first is the Domain Name System (DNS) and the second is Hypertext Transfer Protocol Secure (HTTPS).
What is DNS?
First, the DNS side of DNS-over-HTTPS. DNS kicks in when you enter a URL in your browser’s address bar. For example, you might be well aware of what “www.makeuseof.com” means and where it goes, but to a computer these letters and words mean nothing. This is because URLs were designed to make it easier for humans to remember the location of a website.
Instead, a computer much prefers an IP address. And the role of the DNS server is to convert the URL to an IP address so that your computer knows where to send its data.
However, when your computer sends the request to resolve a URL to the DNS server, it is sent in the clear, like ordinary HTTP. This means that it is in no way encrypted, allowing third parties such as hackers and your ISP to see the websites you visit. And if there is a particularly bad egg on your network, they can manipulate the data to send your PC to bad websites.
What is HTTPS?
Then, HTTPS. HTTPS is a great improvement in security over HTTP as it encrypts all traffic sent over it. This means that people watching from the outside cannot see the data you send or modify it.
When DNS and HTTPS combine
As you might expect, DNS-over-HTTPS occurs when your computer sends its DNS query over HTTPS rather than HTTP. This means that no one spying on the outside can see the websites you visit.
That said, the communication is not completely private: the DNS server must decode the request to see what it is asking for. At this point, the DNS server provider can record who is requesting access to which websites. However, anyone who is not you or your DNS service provider will not be able to take a look at your browsing habits.
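As an added illustration, not part of the original article, here is what the browser actually puts on the wire: the DNS question for www.makeuseof.com is built in standard DNS wire format, then carried inside an HTTPS request to the resolver (RFC 8484). The resolver URL https://dns.example/dns-query and the response bytes below are constructed for the example; only the resolver can read the question, since the whole URL travels inside TLS.

```python
import base64
import struct

def encode_name(name: str) -> bytes:
    """Encode a hostname in DNS wire format: length-prefixed labels plus a zero terminator."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name: str, qtype: int = 1) -> bytes:
    """Build a minimal DNS query (RFC 1035). ID is 0, as RFC 8484 suggests for DoH,
    so identical questions produce identical HTTP requests and cache well."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # id=0, RD=1, one question
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def doh_get_url(resolver: str, query: bytes) -> str:
    """Wrap the wire-format query in a DoH GET URL: base64url, padding stripped (RFC 8484).
    The browser sends this over TLS with 'Accept: application/dns-message'."""
    dns = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={dns}"

def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past the name starting at `off`, handling compression pointers."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # two-byte pointer to an earlier name ends this name
            return off + 2
        off += 1
        if length == 0:
            return off
        off += length

def parse_answer_ips(msg: bytes) -> list:
    """Extract IPv4 addresses from the A records of a DNS response body."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4           # skip QTYPE + QCLASS
    ips = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return ips

# Constructed sample response, as a resolver would return it in an
# application/dns-message body (203.0.113.10 is a documentation address, not real).
QUERY = build_query("www.makeuseof.com")
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)   # response, RD+RA, 1 question, 1 answer
    + QUERY[12:]                                   # the question section echoed back
    + b"\xc0\x0c"                                  # pointer to the name at offset 12
    + struct.pack("!HHIH", 1, 1, 300, 4)           # A record, class IN, TTL 300, 4 bytes
    + bytes([203, 0, 113, 10])
)
```

An eavesdropper on the path sees only TLS traffic to the resolver's IP address; the hostname inside the `dns=` parameter is never visible to them.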
How is DNS-Over-HTTPS implemented?
DNS-over-HTTPS sounds great on paper, but its implementation is a bit tricky. One of its main attractions is that it keeps your browsing habits a secret from your ISP. However, your ISP handles your DNS queries by default.
As such, if you use DNS-over-HTTPS with your ISP’s DNS server, it doesn’t hide your traffic from them. This is because the DNS server has to decrypt the DNS request to see its contents, at which point the server can log the request and who made it. And if that server is owned by your ISP, you are handing your data to it on a silver platter.
The solution? Take the DNS queries out of the hands of the ISP and forward them to a third party. And in this case, this third party is linked to the company that owns the browser you are using.
Google and Mozilla both implemented DNS-over-HTTPS in their Chrome and Firefox browsers, respectively. And to overcome the problem of removing the DNS server role from the ISP, they both decided to allow users to choose their own.
Google already has its own public DNS servers, so you can ask Chrome to connect to them. However, Chrome also offers predefined options for OpenDNS, CleanBrowsing, and Cloudflare at the time of writing, so you have a bit of a choice. And you can even choose to use your ISP’s DNS server if it supports HTTPS, in case you aren’t too concerned with hiding your activity from your service provider.
Firefox also uses trusted DNS-over-HTTPS providers to handle requests from its users. These include Cloudflare and NextDNS, but you can configure your own as well.
Whichever way you choose, enabling DNS-over-HTTPS is as easy as flipping a switch in your browser. And you can find out all about how to do that in our guide on how to enable DNS-over-HTTPS in your browser.
The advantages of DNS over HTTPS
The most obvious benefit for DNS-over-HTTPS is the level of security it gives you. Only you and your DNS server see where you’re going, and it’s a convenient way to avoid DNS-based attacks.
On top of that, if you choose to use a DNS server that is not owned by your ISP, you can prevent your service provider from glancing at your traffic. Your ISP can still see the IP addresses you connect to and get a rough idea of where you’re going, but that is much harder to trace than URLs. Combine that with an HTTPS connection to your favorite websites and you are giving your ISP very little.
The only technology that does the job better is a VPN, which creates a tunnel through which an ISP cannot look. However, in terms of the effort required to configure it, DNS-over-HTTPS only requires a browser that supports it and a switch in its settings to enable the feature.
The disadvantages of DNS over HTTPS
DNS-over-HTTPS is not perfect, however. For example, some website blocking software will have difficulty with DNS-over-HTTPS if it depends on the URL you are visiting. This means that schools and parents will have more problems preventing children from accessing dangerous and harmful content.
Also, since the DNS request must go through HTTPS, your packet may take a little longer to cross the Internet than if it used HTTP. However, there’s a good chance you won’t see any noticeable lag when using it.
Overcome DNS Security Flaws with DNS-Over-HTTPS
While DNS-over-HTTPS may seem complex, it is actually quite simple by design. So now you know the technologies behind DNS-over-HTTPS, the sum of its parts, and why having it on hand is essential. And if you really love privacy, familiarizing yourself with HTTPS will really help you in the long run.
From version 90, the browser will direct you by default to HTTPS sites.