
DNSOverHTTPS

DNS over HTTPS (DoH) is a protocol for performing Domain Name System (DNS) resolution over the HTTPS protocol. It transports DNS queries and responses as HTTP requests and responses, using TLS to encrypt the connection between the client and the resolver. DoH aims to improve privacy and integrity by preventing eavesdroppers on the local network from observing or altering DNS traffic. The IETF defines DoH in RFC 8484.

How it works: A DoH client creates a DNS query and sends it to a designated DoH server via HTTP GET or POST. The DNS message is carried inside the HTTP payload or the URL, and the server replies with a DNS message encoded as the HTTP response. The transport is encrypted with TLS, so observers on the network see only encrypted HTTPS traffic rather than individual DNS queries.

Adoption and impact: DoH has been integrated into several web browsers and operating systems, allowing users to choose trusted resolvers. It is often discussed alongside DNS over TLS (DoT), which encrypts DNS queries over a dedicated TLS channel. DoH can help bypass some forms of network filtering and can simplify use in shared networks, but it may reduce visibility for enterprise policy enforcement and network administrators.

Limitations and considerations: Centralization risk exists when a small number of providers handle most DoH traffic, raising privacy and reliability concerns. DoH does not inherently guarantee data validity; DNSSEC validation depends on the resolver. DoH traffic can still reveal user activity to the chosen resolver, and some networks may block or interfere with DoH.
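As an added example (not code from the original page), the following Python builds the wire-format DNS query and both HTTP request shapes described under "How it works", then parses a constructed sample response; it also reads the AD flag to make concrete the point under "Limitations" that DNSSEC validation is a claim made by the resolver, not something DoH itself provides. The resolver URL https://dns.example/dns-query is a placeholder and the response bytes are constructed, not captured from a real service.

```python
import base64
import struct

def build_dns_query(name: str, qtype: int = 1) -> bytes:
    # Wire-format query, class IN. RFC 8484 recommends DNS ID 0 so identical
    # queries give identical HTTP requests, which HTTP caches can then serve.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID=0, RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def doh_get_url(query: bytes, resolver_url: str) -> str:
    # GET form: the message travels in the "dns" URL parameter, base64url without padding.
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={encoded}"

def doh_post_request(query: bytes, resolver_url: str) -> dict:
    # POST form: the raw message is the HTTP body, typed application/dns-message.
    return {"method": "POST", "url": resolver_url, "body": query,
            "headers": {"Content-Type": "application/dns-message", "Accept": "application/dns-message"}}

def _skip_name(msg: bytes, off: int) -> int:
    # Advance past a name; a compression pointer (top two bits set) is 2 bytes and ends it.
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg: bytes) -> tuple[list[str], bool]:
    # Returns (IPv4 answers, AD flag). AD only means the resolver *claims* it validated
    # DNSSEC; the encrypted transport adds no such assurance, so this is trust in the resolver.
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:  # non-zero RCODE (NXDOMAIN, SERVFAIL, ...): no usable answers
        return [], False
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return addrs, bool(flags & 0x0020)

# Constructed sample response for example.com: flags QR|RD|RA, one A record whose
# owner name is a compression pointer to offset 12, TTL 300, address 192.0.2.1.
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
                   + b"\x07example\x03com\x00\x00\x01\x00\x01"
                   + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\xc0\x00\x02\x01")
```

The GET URL produced for www.example.com matches the base64url string RFC 8484 uses in its own GET example, which is a quick way to check an encoder against the specification.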