DNS over HTTPS (DoH)

DNS over HTTPS (DoH) is a security protocol that encrypts traffic between the resolver and the Domain NameSystem through the HTTPS protocol, preventing DNS spoofing and man-in-the-middle attacks.

The goal of DNS over HTTPS is to protect privacy by encrypting DNS requests. This hides name resolutions from the Internet Service Provider and intermediate entities, and prevents man-in-the-middle attacks. DNS over TLS (DoT) has the same goal with Transport Layer Security (TLS).

With DNS over HTTPS, the connection between the client and the web server is encrypted using the HTTPS protocol. The web server connected to the name server provides the numeric IP addresses. It is different with DNS over TLS where the TLS protocol encrypts the connection between the user and the name server. This protects DNS requests to the name server from both eavesdroppers and tampering.

The DoH protocol was specified by the IETF in RFC 8484, but is subject to certain restrictions. It encrypts the requests but cannot authenticate the responses. The DoH protocol makes it difficult to inspect data packages and monitor enterprise concepts that work with Bring Your Own Devices (BYOD).

Englisch:	DNS over HTTPS - DoH
Updated at:	04.06.2020
#Words:	184
Links:	domain name system (DNS), hypertext transfer protocol secure (SSL/TLS) (HTTPS), security protocol, traffic, spoofing
Translations:	DE
Sharing: