What is DNS on HTTPS and how does it work?

DNS on HTTPS (short «Doh») is a free protocol standard for the transfer of DNS applications (and resolutions) through the hypertext transfer protocol (HTTPS). Doh encrypted the data and is therefore considered a safe alternative compared to the transfer of DNS information to a simple language. This aims to protect unauthorized access or manipulation content and protect Internet users' privacy. Here you can find out how DNS works on HTTPS and what advantages and disadvantages involves the standard.

1. How does DNS work on HTTPS?

The DNS («Domain Name System») is responsible for the resolution of the name in the networks, whose best known representatives probably include the internet. If it is called a URL (e.g. www.wintotal.de) in the browser, a request to the DNS is automatically made to determine the IP address of the web server (in our example this would be 91.210.227.76). Using this information, the browser then calls on the website. Without DNS, you should enter the IP address in the browser every time you want to visit a website.

However, the question also has a grip: The DNS server query is transmitted in simple language. This means that, in principle on the road between the device and the name server, this means which website you want to call. A party for hackers and IT criminals, because manipulations (e.g. redirect to another side or ddos ​​attacks) are therefore relatively easy to do.

1.1. The data are hidden in HTTPS traffic

This is where DNS comes into play on Https. As the name suggests, this uses the HTTPS protocol that works on door 443 by default. Since this is open in most networks, there are no problems with the firewall blocks or the like.

DNS traffic is then performed by means of a encrypted HTTPS connection to non -censored DNS servers (compatible with Doh), the so -called resolvers doh. For this purpose, Doh uses a communication -oriented communication and sends HTTPS packages, which in turn contain the actual DNS request. The data are therefore hidden in the actual HTTPS traffic. In turn, the Resolver also responds encrypted.

Using HTTPS, practically every web server is now able to respond to DNS requests (provided that I naturally support Doh). In addition, it should provide information on all connected and used pages on the website requested in the future. In this way, no other DNS questions are needed if they move to the relevant page.

Good to know: «Classic» DNS servers can also be expanded to expand the Doh and therefore can be requested via HTTPS. However, since today's DNS servers do not support DOH queries, the apps in question contain lists with fixed Doh servers. These actually separated DNS on HTTPS from the DNS settings of the operating system.

2. DNS on HTTPS also has weak points

Most normal «normal» users probably don't even know how DNS works and what exactly is necessary for. For all these, Doh is certainly a huge security gain. Technically expert administrators and private users should see everything with conflicting feelings.

Especially in companies, the influence of Doh can even lead to serious difficulties. Normally, system administrators use local DNS and DNS software servers for the filter and monitoring of local data traffic. This should prevent employees from being able to access unauthorized or dangerous content. With Doh, however, employees are able to bypass the filters and also access the blocked content.

And the safety of your privacy is not hundred percent guaranteed in Doh. The data are encrypted on their way between the client and the resolver in both directions, but the providers are also available for other options (keyword «TLS-Handhake» and «SNI»), with which they can understand the course of their websites visited.

Good to know: In the United States, the great suppliers (such as Comcast) are particularly bitter opponents of Doh, since this makes it difficult, among other things, is difficult, among other things. For this reason, an ISP group has created a presentation with misleading and even false statements on Doh, in the hope of creating a negative attitude by the legislator and the congress.

3. Which browser already supports doh already?

3.1. Mozilla Firefox

Mozilla and the American Internet service provider are the hustle and bustle behind DNS on HTTPS, so Firefox was also the first browser with integrated Doh. In the current version it is possible to use the function through «Settings -> Connection settings«Activate.

Tipp: By default, Firefox manages all Doh requests through a Flare Cloud resolver. Personal settings regarding DNS management are simply ignored. Alternatively, there is the possibility of setting the setting on another resolver doh.

https://www.youtube.com/watch?v=nfjf_-7o00w

3.2. Google Chrome

According to Firefox, Google Chrome is the second browser with Doh. However, you have to do it here through the link «Chrome: // Flags/#dns-over-https“Activate. This currently works for Windows, Mac, Android and Chrome OS, Linux users are unfortunately excluded.

After turning on the function, Chrome sends DNS requests to the same server before, but encrypted traffic when it has an interface compatible with Doh. Otherwise, requests are sent not encrypted.

https://www.youtube.com/watch?v=zdmjguqrkag

3.3. Chrome -based browser

Many other well -known browsers (including Microsoft Edge, Opera or Vivaldi) are based on chromium and its flashing engine. DNS on HTTPS is therefore available and can be activated in their respective settings.

Good to know: Apple is currently very covered as regards the questions about the implementation of the Doh in Safari. However, since the individual data protection functions can be found in the most recent versions of the browser, there is a high probability that a decision is also made in the near future in relation to the Doh Protocol.

(25 votes, media: 4.70 out of 5)

Loading …