Advocates of user privacy have created the buzz around the DNS over HTTPS (DoH) protocol lately. Giant internet browser companies claim that users can improve their online privacy by forwarding their DNS queries to https providers in an encoded form via DoH servers. Therefore, bringing down the possibilities of being monitored by any ISP or a third party on the internet.
Nevertheless, the new protocol hasn’t got the expected approval and many users have erred on the side of caution. But, given the benefits that DoH can bring to the table, trying out the protocol in action by yourself won’t hurt. To help you with that, some of its benefits and how to set it up are discussed here.
1) What is DNS over HTTPS (DoH)?
To get the gist of the DoH protocol, it is worth understanding what DNS is and how one’s DNS query spread through the internet. In dummy's words, the Domain Name System is a decentralized directory of every website available on the internet and their associated Internet Protocol addresses.
You can consider DNS as a service that permits you to enter the domain name of a website—let’s say, grubhub.com— instead of its IP address—for instance, 188.8.131.52(GrubHub)— to make it simple for you to access any websites on the internet without the need to remember each of their IP addresses.
Hence, when you request access to grubhub.com, your Internet Service Provider(ISP) receives it and returns a connection request directly to the server of the website you are connecting to, in else, GrubHub, to get a suitable response.
It is at this level that the DNS over HTTPS protocol comes live. That is because, by and large, the request made from one’s Internet Service Provider to a website’s server is unsecure. Regardless of whether the site uses Hypertext Transfer Protocol(HTTP) or Hypertext Transfer Protocol Secure protocol (HTTPS), yes even HTTPS—another myth debunked ugh? That’s how anybody with enough cybersecurity knowledge can snoop between you and any solicited server to collect your personal data.
With the DoH protocol available, all the DNS traffic between a user and the matching server is secure. As a result, the protocol allows the transfer of DNS requests/responses over a secure and encrypted connection. Hence, preventing any third-party or ISP from tracking a user and his/her browsing activity.
2) What does DNS over HTTPS (DoH) Bring to The Table?
Until this point, you already know that the DoH protocol enables a secure communication channel for DNS requests/responses; in other words, they block any spying or eavesdropping on your online activity. By having an encrypted communication channel, the protocol ensures that nobody can eavesdrop between the DNS packets as they are sent and received.
Caution: The protocol does not totally obviate any ambit of intrusion or monitoring. For, the HTTPS protocol, and DNS in this case, have their own pitfalls that can be manipulated in some ways to earn access to the interaction between one’s client address and computer and the server of the site he/she is trying or connected to set up the connection with.
Moreover, it is just a precautionary initiative you embrace to keep your online privacy. An extra layer of security is not bad. Thus, having DNS over HTTPS will bring you that extra by protecting the DNS packets as they are forwarded and received.
3) How Does DNS over HTTPS (DoH) Work?
For the DNS over HTTPS protocol to work, you need two things to make it efficacious. DoH-compatible app/service and DNS server that supports DoH implementation. At SafeDNS, we are currently developing the feature, but we recommend DNS filtering as a more secure and reliable approach for web-based threats compared to DoH.
Basically, when an app/service that supports the DNS over HTTPS protocol makes a request to the server of a website, it is forwarded as an HTTPS request to the DoH server (also known as a resolver), where, the resolver runs the request and return a response back to the app/service via an encrypted channel.
The secure channel ensures or makes it hard for anyone spoofing on your local network (ISP-wise) not to see your requests, tail your activities, and modify the responses to fake as the website you are attempting to access, whether launch an attack and fool you to glean your personal data.
4) How Do You Enable DNS over HTTPS (DoH)?
DoH was first presented by Mozilla with its Firefox browser. The feature is enabled by default for all users in the US, but for other browsers, users need to enable it.
Moreover, it also gives the option to select a DNS provider from a list of known servers. On the other hand, some of the other popular web browsers now, especially those based on Chromium, do not offer similar built-in functionality like Firefox.
Nevertheless, there is a way to get the DoH protocol up and running on these browsers too. So, depending on the browser you use, follow the steps listed below to enable DoH support on your browser.
- Go to ‘Preferences’
- Choose settings under ‘Network Settings’
- Finally, enable it with the DNS servers available.
Brave, Google Chrome, or Microsoft Edge belong to Google’s free and open-source project, Chromium. Thus, enabling DNS over HTTPS on any of them follows the same procedure.
1. Open Google Chrome/Brave/Microsoft Edge and go to the settings by typing in your search bar chrome://settings/, the screen below should show up. Choose ‘Privacy and security’, then security among the offered options.
The screen below should appear. Users have the possibility to use a custom DNS server that supports DoH or choose Google Chrome’s built-in to support DoH. The same settings are available on Google Chrome for Android.
You need to change the DNS from your device settings to enable the DNS over HTTPS protocol, unlike Mozilla Firefox which already provides some features by default.
2. Depending on your browser, tap on the address bar and enter the command correspondingly : brave://flags/#dns-over-https, chrome://flags/#dns-over-https, or edge://flags/#dns-over-https
You will have something showing the following for Chrome. Then you may type ‘DNS lookup’ or ‘the required features or flags’, if it appears on this page, that probably means the feature you are looking for is under experimentation. Thus, caution before using them.
3. Finally, restart your browser, and you are set.
For Safari users browsing on their Mac, they are unlucky for now. As with the current operating system, macOS Catalina, Apple does not offer support for https traffic over the DoH protocol on Safari or any other app/service. Although, Apple did indicate its plans to add support for DNS over an HTTPS connection to its apps/services with the upcoming version of macOS (Big Sur).
By now, you should have an understanding of what DNS over HTTPS is, though many cybersecurity finds the protocol unreliable since ISPs still use other ways to look up a DNS request. But an extra layer of security won't hurt you.
If you need more knowledge about DoH, web filtering, and other information about SafeDNS features, you may visit our website or talk to our experts directly, and start your web filtering trial for free.