
What is DNS over HTTPS (DoH)?

DNS over HTTPS (DoH) uses the HTTPS protocol for sending and retrieving encrypted DNS queries and responses. The DoH protocol has been published as a proposed standard by the IETF as RFC 8484.

DNS queries and responses have historically been sent as plaintext, potentially compromising the privacy of internet users – including visitors to encrypted HTTPS websites. DoH prevents potential attackers and/or government authorities from reading users’ DNS queries, and also buries DNS traffic on port 443 (the standard HTTPS port), where it is difficult to distinguish from other encrypted traffic.
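The following Python example is added here for illustration and is not code from SSL.com or from RFC 8484. It builds the GET form of a DoH request and decodes it again, showing that the only DoH-specific markers (the `dns` parameter and the `application/dns-message` media type) sit inside the HTTPS layer. The resolver URL `https://doh.example.net/dns-query` is a constructed placeholder and the function names are hypothetical.

```python
import base64
import struct
from urllib.parse import urlsplit, parse_qs

DOH_MEDIA_TYPE = "application/dns-message"  # media type defined by RFC 8484

def build_query(name: str, qtype: int = 1) -> bytes:
    """DNS wire-format query (RFC 1035). ID is 0, which RFC 8484 recommends
    so that identical questions produce identical, cacheable HTTP requests."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_request(resolver_url: str, name: str, qtype: int = 1):
    """Return (url, headers) for a DoH GET: the query is base64url-encoded
    without padding and carried in the ?dns= parameter."""
    if urlsplit(resolver_url).scheme != "https":
        raise ValueError("DoH requires an https:// resolver URL")
    wire = build_query(name, qtype)
    encoded = base64.urlsafe_b64encode(wire).rstrip(b"=").decode()
    return f"{resolver_url}?dns={encoded}", {"Accept": DOH_MEDIA_TYPE}

def decode_question(url: str):
    """Recover (name, qtype) from a DoH GET URL, as an inspection point that
    terminates TLS could. Without TLS termination none of this is visible."""
    param = parse_qs(urlsplit(url).query)["dns"][0]
    wire = base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))
    labels, pos = [], 12  # question section starts after the 12-byte header
    while wire[pos]:
        labels.append(wire[pos + 1 : pos + 1 + wire[pos]].decode("ascii"))
        pos += 1 + wire[pos]
    qtype, _qclass = struct.unpack("!HH", wire[pos + 1 : pos + 5])
    return ".".join(labels), qtype

if __name__ == "__main__":
    # Constructed placeholder resolver; no network traffic is sent.
    url, headers = doh_get_request("https://doh.example.net/dns-query",
                                   "www.example.com")
    print(url, headers)
    print(decode_question(url))
```
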

DoH in Chrome and Firefox

Recent announcements by Google and Mozilla about their browser implementations have put DoH into the spotlight for privacy-seeking internet users:

What About DNS over TLS?

DNS over TLS (DoT), published by the IETF in RFCs 7858 and 8310, is similar to DoH in that it encrypts DNS queries and responses; however, DoT operates over port 853 (as opposed to DoH’s port 443). In support of DoT over DoH, some network security experts argue that using a distinct port for DNS requests is essential for effective traffic inspection and control.
