DNS over HTTPS (DoH) is a relatively new protocol that encrypts domain name system traffic by passing DNS queries through a Hypertext Transfer Protocol Secure (HTTPS) encrypted session. DoH seeks to improve online privacy by hiding DNS queries from view.
In order to understand how DoH works, it is necessary to first understand how regular DNS works. Websites are hosted on web servers, and every web server -- or site on a server -- has an associated Internet Protocol (IP) address. For a browser to access a website, it must first determine the site's IP address, which is where DNS comes in. A DNS server's job is to convert a hostname, such as the whatis.com in https://whatis.com, into an IP address.
When users enter a hostname into their browser, the request is sent to a recursive resolver, which then passes the request to a root name server -- if the resolver does not already know how to resolve the query. A root name server handles top-level domains, such as .com, .org and .edu. The root server then sends the address of the appropriate top-level DNS server back to the resolver. If, for example, the user was trying to access a .com site, then the root DNS server would provide the address associated with the .com top-level domain server.
At this point, the resolver sends its request to the top-level domain server, and the top-level domain server responds with the IP address of the DNS server that handles the requested domain. The resolver then sends the request to this DNS server, which returns the IP address of the website that the user is trying to access. The browser is then able to issue an HTTP or HTTPS request to that IP address to access the website that the user requested. In some cases, caching enables this process to be shortened, but this is the essence of how normal DNS works.
DoH works in essentially the same way, but there are two key differences. The first -- and most obvious -- difference is that the DNS requests are encapsulated within an HTTPS session, rather than the browser making an HTTP request as has been done in the past. Like HTTPS web traffic, these requests are sent over port 443. It is worth noting that, for DoH to work, both the browser and the DNS server must support DoH.
The other key difference between standard DNS and DoH is that DoH seeks to minimize the information that is transmitted during the various DNS queries. It does this by transmitting only the portion of the domain name that is necessary to complete the current step in the name resolution process rather than sending the full domain name that the user's browser is trying to resolve. For example, the DNS root does not need to know that the user's browser is trying to resolve https://whatis.com. It only needs to know that the browser is trying to resolve a .com address.
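As an added illustration (not code from the original article), here is the request format DoH uses per RFC 8484: the same wire-format DNS message a port-53 client would send, carried inside an HTTPS GET (or a POST with Content-Type application/dns-message) to the resolver's endpoint over port 443. The resolver URL https://dns.example/dns-query is a placeholder, and the response is constructed here rather than captured from a real resolver.

```python
import base64
import struct

def build_query(name, qtype=1, msg_id=0):
    """Wire-format DNS query (RFC 1035): RD set, one IN question; ID 0 as RFC 8484 advises for HTTP caching."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def doh_get_url(query, resolver_url="https://dns.example/dns-query"):
    """RFC 8484 GET form: message in the `dns` parameter, base64url, padding stripped.
    The resolver URL is a placeholder; a real resolver publishes its own path."""
    return resolver_url + "?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode()

def _read_name(msg, offset):
    """Decode a possibly compressed name; returns (name, offset just past it)."""
    labels = []
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # pointer to an earlier copy of the remaining labels
            ptr = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            return ".".join(labels + [_read_name(msg, ptr)[0]]), offset + 2
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        labels.append(msg[offset:offset + length].decode())
        offset += length

def parse_a_answers(resp):
    """IPv4 addresses in the answer section of an application/dns-message body."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", resp[:12])
    offset, addrs = 12, []
    for _ in range(qdcount):  # skip the echoed question (name + type + class)
        offset = _read_name(resp, offset)[1] + 4
    for _ in range(ancount):
        offset = _read_name(resp, offset)[1]
        rtype, _, _, rdlen = struct.unpack("!HHIH", resp[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in resp[offset:offset + 4]))
        offset += rdlen
    return addrs

def constructed_response(query, ip, ttl=300):
    """Constructed sample (not captured traffic): a response echoing the question plus
    one A record whose owner name is a compression pointer to the question at offset 12."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    rr = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(int(o) for o in ip.split("."))
    return header + query[12:] + rr
```

The encoded query for www.example.com matches the worked example in RFC 8484 section 4.1.1, which is a quick way to check the encoder against the specification.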
Benefits of DoH
There are several possible benefits to using DNS over HTTPS. The primary benefit is that encrypting DNS name resolution traffic helps to hide users' online activities. When users enter a URL into their browser, a DNS query is typically needed in order to resolve the domain portion of the URL into an IP address. While it may be tempting to think of this name resolution request as being sent directly to a DNS server, the reality is that, unless a DNS server exists on the local network, the name resolution request has to pass through the internet service provider's network and through any routers that exist between the ISP and the DNS server. The name resolution request is visible at any one of these hops. This means, for instance, that an ISP can see exactly which sites are being visited, simply by monitoring DNS name resolution requests. DoH hides the name resolution requests from the ISP and from anyone listening on intermediary networks.
DoH also helps to prevent DNS spoofing and man-in-the-middle (MitM) attacks. Because the session between the browser and the DNS server is encrypted, an attacker on the path cannot alter the resolution results to point the user's browser toward a fraudulent website.
Criticism and controversy
DNS over HTTPS has drawn sharp criticism. Vocal opponents of DoH, such as Comcast, have shared concerns that DoH would concentrate most DNS data with Google, giving it control of internet traffic routing and access to large amounts of consumer and competitor data.
DoH can also be problematic in the enterprise. Enterprises sometimes monitor DNS requests to block access to malicious or inappropriate sites. DNS monitoring can also sometimes be used to detect malware that is attempting to "phone home." Because DoH encrypts name resolution requests, it creates a security monitoring blind spot.
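One way a security team can at least see where that blind spot is forming, as an added example that is not part of the original article: since DoH rides on TLS to port 443, the TLS server name (SNI) in flow or proxy logs still reveals which clients are talking to a public DoH endpoint, and a client that does so while never touching the internal resolver has moved its lookups out of the monitored channel entirely. The endpoint list and the flow records below are illustrative and constructed, not taken from a real environment.

```python
from collections import defaultdict

# Illustrative hostnames of public DoH endpoints as they appear in TLS SNI; the article
# names Cloudflare (Firefox's default) and Google. Extend from your own inventory (assumption).
KNOWN_DOH_SNI = {"mozilla.cloudflare-dns.com", "cloudflare-dns.com", "dns.google"}

# Constructed sample flow records (not real logs): (client, dst_ip, dst_port, sni).
SAMPLE_FLOWS = [
    ("ws-01", "10.0.0.53", 53, ""),                             # internal resolver
    ("ws-01", "203.0.113.10", 443, "www.example.com"),
    ("ws-02", "203.0.113.20", 443, "mozilla.cloudflare-dns.com"),
    ("ws-02", "203.0.113.21", 443, "shop.example.net"),
    ("ws-03", "198.51.100.5", 443, "dns.google"),
    ("ws-03", "10.0.0.53", 53, ""),
]

def find_doh_clients(flows, internal_resolver="10.0.0.53"):
    """Return {client: (sorted DoH endpoints seen, still_uses_internal_resolver)}.
    A client listed with False is the case the article describes: it reaches a DoH
    endpoint and sends nothing to the internal resolver that the enterprise monitors."""
    doh_seen = defaultdict(set)
    uses_internal = set()
    for client, dst_ip, dst_port, sni in flows:
        if dst_port == 53 and dst_ip == internal_resolver:
            uses_internal.add(client)
        elif dst_port == 443 and sni in KNOWN_DOH_SNI:
            doh_seen[client].add(sni)
    return {c: (sorted(s), c in uses_internal) for c, s in doh_seen.items()}
```

Firefox additionally disables its DoH default when the local resolver returns no answer for the canary domain use-application-dns.net, which is the preventive control that complements this detection.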
DoH on web browsers
Despite the controversy surrounding DoH, the protocol is becoming widely supported by web browsers. Mozilla announced on Feb. 25, 2020, that its Firefox browser is now DoH-enabled. It is worth noting that Firefox passes all DoH traffic through Cloudflare by default.
Recently, Microsoft replaced its Edge browser with a completely redesigned version that is based on Google's Chromium. According to Microsoft, the Edge browser and the Windows core networking stack will eventually support DoH. While it is currently possible to use DoH with the Chromium-based Edge browser, doing so requires a hidden configuration option to be enabled.
Google Chrome also supports DoH, although DoH support is not enabled by default. Once enabled, Chrome attempts to use the same DNS servers that it had previously been configured to use. If those DNS servers support DoH, then name resolution requests will be encrypted. Otherwise, Chrome will fall back to unencrypted DNS traffic.