DNS over HTTPS: What It Is and Should You Use It?

May 25, 2024

When you visit a website, your DNS query travels across the internet completely unencrypted. Anyone watching - your ISP, network admin, or a hacker on public WiFi - can see exactly which sites you're looking up.

DNS over HTTPS (DoH) fixes this problem.

What is DNS over HTTPS?

DoH encrypts your DNS queries using HTTPS - the same encryption that protects your banking and shopping. Instead of sending queries in plain text to port 53, they're wrapped in encrypted HTTPS requests to port 443.

This means your DNS traffic looks just like regular web traffic, making it much harder to monitor or tamper with.
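To make the "wrapped in HTTPS" part concrete, here is an added Python example (written for this article, not taken from the original post) that builds the DNS message a DoH client sends, shows the RFC 8484 GET and POST forms against the Cloudflare endpoint listed later in the post, and parses a constructed answer; the sample response and the 192.0.2.1 address are constructed, and only `doh_post()` would touch the network.

```python
import base64
import struct
import urllib.request

DOH_ENDPOINT = "https://cloudflare-dns.com/dns-query"  # endpoint named in the post

def build_query(name: str, qtype: int = 1) -> bytes:
    """DNS query in RFC 1035 wire format. The ID is 0, as RFC 8484 suggests,
    so identical queries give identical (HTTP-cacheable) messages."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def doh_get_url(query: bytes, endpoint: str = DOH_ENDPOINT) -> str:
    """RFC 8484 GET form: base64url without padding in the dns= parameter."""
    return endpoint + "?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode()

def doh_post(query: bytes, endpoint: str = DOH_ENDPOINT) -> bytes:
    """RFC 8484 POST form: the DNS message is the HTTPS body (TLS to port 443). Needs network."""
    req = urllib.request.Request(endpoint, data=query, method="POST", headers={
        "content-type": "application/dns-message", "accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read()

def parse_a_records(msg: bytes) -> list:
    """IPv4 answers from a DNS response; handles RFC 1035 name compression."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:  # non-zero RCODE: the resolver reported an error
        return []
    def skip_name(p):  # a name ends with 0x00 or a two-byte compression pointer
        while msg[p] != 0 and msg[p] & 0xC0 != 0xC0:
            p += msg[p] + 1
        return p + (2 if msg[p] & 0xC0 == 0xC0 else 1)
    pos = 12
    for _ in range(qd):
        pos = skip_name(pos) + 4  # skip QTYPE + QCLASS
    ips = []
    for _ in range(an):
        pos = skip_name(pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in msg[pos:pos + 4]))
        pos += rdlen
    return ips

# Constructed sample response (not captured traffic): www.example.com -> 192.0.2.1
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
                   + b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
```

The GET URL produced for `www.example.com` matches the worked example in RFC 8484, and on the wire either form is indistinguishable from any other HTTPS request to that host.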

Benefits of DoH

Privacy

Your ISP can no longer see which websites you're visiting (at least not through DNS). This is especially important in countries with heavy internet surveillance.

Security

Encrypted queries can't be read or modified in transit. This prevents DNS spoofing attacks on untrusted networks.

Bypassing Censorship

Some networks block certain domains at the DNS level. DoH can bypass these blocks since the queries are encrypted and look like normal HTTPS traffic.

The Controversy

DoH isn't universally loved. Here's why some people have concerns:

Network Administrators

IT departments often use DNS monitoring for security and policy enforcement. DoH makes this harder, potentially allowing malware to phone home undetected.

ISPs

They lose visibility into user behavior (which some see as a feature, not a bug).

Centralization

If everyone uses the same few DoH providers (Cloudflare, Google), it concentrates a lot of power and data in a few hands.

How to Enable DoH

Firefox:

Settings > Privacy & Security > Enable DNS over HTTPS

Chrome:

Settings > Privacy and Security > Security > Use secure DNS

Windows 11:

Settings > Network & Internet > Your connection > DNS server assignment > Edit > Choose "DNS over HTTPS"

iOS:

Use the 1.1.1.1 app from Cloudflare or configure a DoH profile

Android:

Settings > Network > Private DNS > Enter a DoH provider hostname

Popular DoH Providers

- Cloudflare: https://cloudflare-dns.com/dns-query
- Google: https://dns.google/dns-query
- Quad9: https://dns.quad9.net/dns-query

Should You Use It?

For most people, yes. The privacy and security benefits outweigh the downsides. If you're on public WiFi regularly, DoH is especially valuable.

However, if you're on a corporate network, check with IT first. They might have legitimate reasons for monitoring DNS, and bypassing their controls could violate policy.

DoH vs DoT

DNS over TLS (DoT) is an alternative that also encrypts DNS. The main difference is that DoT uses a dedicated port (853), making it easier to identify and block. DoH blends in with regular web traffic.

Both are good options. DoH is more widely supported in browsers, while DoT is common in operating systems and routers.

The days of unencrypted DNS are numbered. Whether through DoH or DoT, encrypted DNS is becoming the standard - and that's a good thing for everyone's privacy.