DNS over HTTPS (DoH) is a security protocol that encrypts the traffic between the resolver and the Domain Name System by carrying it over HTTPS, preventing DNS spoofing and man-in-the-middle attacks. The goal of DNS over HTTPS is to protect privacy by encrypting DNS requests. This hides name resolutions from the Internet Service Provider and intermediate entities and prevents man-in-the-middle attacks. DNS over TLS (DoT) has the same goal but uses Transport Layer Security (TLS).

With DNS over HTTPS, the connection between the client and the web server is encrypted using the HTTPS protocol. The web server, which is connected to the name server, provides the numeric IP addresses. DNS over TLS is different: there, the TLS protocol encrypts the connection between the user and the name server. This protects DNS requests to the name server from both eavesdropping and tampering.

The DoH protocol was specified by the IETF in RFC 8484, but it is subject to certain limitations. It encrypts the requests but cannot authenticate the responses. The DoH protocol also makes it difficult to inspect data packets and to monitor enterprise environments that work with Bring Your Own Device (BYOD) concepts.
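
An added example (not part of the original text): how an RFC 8484 GET request carries a DNS query in its `dns` parameter, and how a proxy that terminates TLS and logs full URLs can recover the queried name for monitoring. The resolver URL is a placeholder, the logged URLs are constructed, and only the GET form of DoH is handled.

```python
import base64
import struct
from urllib.parse import parse_qs, urlparse

def build_query(name: str, qtype: int = 1) -> bytes:
    """DNS wire-format query: ID 0, RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = [l for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def doh_get_url(template: str, name: str) -> str:
    """RFC 8484 GET form: base64url of the DNS message with padding removed."""
    b64 = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    return f"{template}?dns={b64}"

def qname_from_url(url: str):
    """Return the name queried in a logged DoH GET URL, or None if not DoH."""
    values = parse_qs(urlparse(url).query).get("dns")
    if not values:
        return None
    try:
        msg = base64.urlsafe_b64decode(values[0] + "=" * (-len(values[0]) % 4))
    except ValueError:
        return None
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while pos < len(msg):
        length = msg[pos]
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + 1 + length > len(msg):
            return None  # compression pointer or truncated label
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return None

# Constructed sample URLs as a TLS-inspecting proxy might log them.
RESOLVER = "https://doh.example.net/dns-query"  # placeholder, not a real service
SAMPLE_URLS = [
    doh_get_url(RESOLVER, "www.example.com"),
    "https://intranet.example.net/search?q=dns",   # ordinary web request
    RESOLVER + "?dns=AAAA",                        # too short to be a DNS message
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(qname_from_url(url), url)
```

Without TLS inspection the URL and its `dns` parameter are not visible on the wire, which is the monitoring limitation described above.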