en English
X

Select Language

Powered by Google TranslateTranslate

We hope you will find the Google translation service helpful, but we don’t promise that Google’s translation will be accurate or complete. You should not rely on Google’s translation. English is the official language of our site.

en English
X

Select Language

Powered by Google TranslateTranslate

We hope you will find the Google translation service helpful, but we don’t promise that Google’s translation will be accurate or complete. You should not rely on Google’s translation. English is the official language of our site.

What is DNS over HTTPS (DoH)?

DNS over HTTPS (DoH) uses the HTTPS protocol for sending and retrieving encrypted DNS queries and responses. The DoH protocol has been published as a proposed standard by the IETF as RFC 8484.

DNS queries and responses have historically been sent as plaintext, potentially compromising the privacy of internet users – including visitors to encrypted HTTPS websites. DoH prevents potential attackers and/or government authorities from reading users’ DNS queries, and also buries DNS traffic on port 443 (the standard HTTPS port), where it is difficult to distinguish from other encrypted traffic.

DoH in Chrome and Firefox

Recent announcements by Google and Mozilla about their browser implementations have put DoH into the spotlight for privacy-seeking internet users:

  • The Chromium Blog announced on September 10, 2019 that Chrome 78 will include an experiment that will use DoH if the user’s existing DNS provider is on a list of selected DoH-compatible providers included with the browser. If the user’s provider is not on the list, the browser will fall back to the plain-text DNS protocol.
  • Mozilla announced on September 6, 2019 that they will be rolling out DoH as a default setting for its Firefox browser in the USA “starting in late September.” Mozilla’s plan has been criticized because, unlike Google’s implementation, Firefox will use Cloudflare’s DoH servers by default (although the user may manually specify another provider).

What About DNS over TLS?

DNS over TLS (DoT), published by the IETF in RFCs 7858 and 8310, is similar to DoH in that it encrypts DNS queries and responses; however, DoT operates over port 853 (as opposed to DoH’s port 443). In support of DoT over DoH, some network security experts argue that using a distinct port for DNS requests is essential for effective traffic inspection and control.

Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page.

Related FAQs

Follow Us

What is SSL/TLS?

Play Video

Subscribe to SSL.com’s Newsletter

Don’t miss new articles and updates from SSL.com