• notfromhere@lemmy.ml
    15 hours ago

    DNS over HTTPS (DoH) is Domain Name Service over Secure HyperText Transfer Protocol. HTTP is the technology the Web runs on. The S in HTTPS is the secured version of HTTP; it’s encrypted using TLS (originally was SSL, Secure Sockets Layer), Transport Layer Security. DNS translates site names (e.g., www.google.com) into an IP (Internet Protocol) address (e.g., 8.8.8.8). DNS is an unencrypted protocol like HTTP. Adding in the Security component is somewhat tricky, but DoH is one of the ways; it just piggybacks on a tried-and-true secure transport technology that powers the web today.

    The reason you would want to use DoH is to secure the domains you are accessing from (1) being intercepted and/or altered, e.g., someone poisoning the response and giving you a bad IP address for any number of reasons, and (2) snoops such as the WiFi provider you’re connected to or the Internet Service Provider (ISP) or cellular provider, or anyone else watching the unencrypted traffic.

    • 486@lemmy.world
      15 hours ago

      All this is correct, but keep in mind that you still leak domain names until ECH (Encrypted Client Hello) is in widespread use. It is of course still a good idea to use encrypted DNS, just don’t assume your ISP can’t see which websites you are accessing.

    • thenose@lemmy.world
      15 hours ago

      Cheers very much. I was somewhat familiar with the concept (didn’t know the abbreviation for it tho). But your explanation just made everything slide in their place. Thanks again.