DNS over HTTPS
DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver. By March 2018, Google and the Mozilla Foundation had started testing versions of DNS over HTTPS. In February 2020, Firefox switched to DNS over HTTPS by default for users in the United States.
| Communication protocol | |
| Purpose | encapsulate DNS in HTTPS for privacy and security |
|---|---|
| Introduction | October 2018 |
| OSI layer | Application layer |
| RFC(s) | RFC 8484 |
| Internet security protocols |
|---|
| Key management |
| Application layer |
| Domain Name System |
| Internet Layer |
An alternative to DoH is the DNS over TLS (DoT) protocol, a similar standard for encrypting DNS queries, differing only in the methods used for encryption and delivery. Based on privacy and security, whether either protocol is superior is a matter of controversial debate; while others argue the merits of either depend on the specific use case.