DNS over HTTPS

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Internet security
protocols
Key management
Application layer
Domain Name System
Internet Layer

DNS over HTTPS (DoH) is an experimental protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. The goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks.[1] As of March 2018, Google and the Mozilla Foundation are testing versions of DNS over HTTPS.[2][3]

In addition to improving security, another goal of DNS over HTTPS is to improve performance: testing of ISP DNS resolvers has shown that they have surprisingly slow response times in many cases, a problem that can be multiplied further by the need to resolve many addresses to deliver a single service such as a web page load.[1]

Google's publicly-implemented version of this protocol uses HTTP GET commands (over HTTPS) to access DNS information using an encoding of DNS query and result parameters represented in JSON notation.[2]

Another similar specification is in Internet-Draft status under the auspices of the IETF. This version of the protocol uses HTTP/2 and HTTPS, and the initial version supports the "wire format" DNS response data, as returned in existing UDP responses, in an HTTPS payload with the application/dns-message MIME type.[1][4] If HTTP/2 is used, the server may also use HTTP/2 server push to send values that it anticipates the client may find useful in advance.[4]


DNS over HTTPS - Public DNS Servers[edit]

DNS over HTTPS server implementations are already available for free by some public DNS providers[5]. Three implementations offer for production services[6]:

Provider IPs Protocol Blocking Features
Cloudflare 1.1.1.1
1.0.0.1
2606:4700:4700::1111
2606:4700:4700::1001		 IETF draft No DoH endpoint[7]
Google Public DNS 8.8.8.8
8.8.4.4
2001:4860:4860::8888
2001:4860:4860::8844		 Google experimental No DoH endpoint[8]
CleanBrowsing 185.228.168.168
185.228.168.169
2a0d:2a00:1::
2a0d:2a00:2::		 N/A Adult content. DoH endpoint [9]

Client Support[edit]

  • Firefox Nightly — Browser support.[10]
  • DNSCrypt-proxy — Local DNS → DNS over HTTPS proxy.[11]
  • doh-php-client — PHP Implementation.[12]

Alternatives[edit]

See also[edit]

References[edit]

  1. ^ a b c Chirgwin, Richard (14 Dec 2017). "IETF protects privacy and helps net neutrality with DNS over HTTPS". The Register. Retrieved 2018-03-21. 
  2. ^ a b "DNS-over-HTTPS | Public DNS | Google Developers". Google Developers. Retrieved 2018-03-21. 
  3. ^ Cimpanu, Catalin (2018-03-20). "Mozilla Is Testing "DNS over HTTPS" Support in Firefox". BleepingComputer. Retrieved 2018-03-21. 
  4. ^ a b Hoffman, P; McManus, P. "draft-ietf-doh-dns-over-https-08 - DNS Queries over HTTPS". datatracker.ietf.org. Retrieved 2018-05-20. 
  5. ^ "DNS over HTTPS Implementations". 2018-04-27. Retrieved 2018-04-27. 
  6. ^ "DNS Security and Privacy". 2018-04-27. Retrieved 2018-03-27. 
  7. ^ Running a DNS over HTTPS - Cloudflare Resolver
  8. ^ Google Public DNS
  9. ^ https://doh.cleanbrowsing.org/doh/family-filter/
  10. ^ "Improving DNS Privacy in Firefox". 
  11. ^ "DNSCrypt-proxy v2.0". 
  12. ^ "DNS over HTTPS PHP Client". 
Retrieved from "https://en.wikipedia.org/w/index.php?title=DNS_over_HTTPS&oldid=845730585"