DNS over HTTPS (DoH)
What is DNS over HTTPS (DoH)?
A protocol that encrypts DNS queries by transporting them inside HTTPS, preventing on-path observers from reading or modifying lookups.
DNS over HTTPS, defined in RFC 8484, sends DNS queries and responses as HTTPS requests to a designated resolver, typically over TLS on port 443. Because the queries travel inside ordinary HTTPS traffic, they are confidential, integrity-protected, and difficult for middleboxes to distinguish from regular web traffic. DoH defeats passive surveillance of lookups, on-path tampering, and many forms of DNS-based censorship, but it shifts trust to the resolver operator, who sees every query. It complements DNSSEC (which proves record authenticity) and is supported by major browsers and operating systems, sometimes with enterprise overrides to preserve DNS-based filtering.
● Examples
- 01: A browser sends queries to https://dns.example/dns-query so a coffee-shop Wi-Fi cannot inspect them.
- 02: An enterprise blocks public DoH endpoints to keep internal DNS filtering in effect.
● Frequently asked questions
What is DNS over HTTPS (DoH)?
A protocol that encrypts DNS queries by transporting them inside HTTPS, preventing on-path observers from reading or modifying lookups. It belongs to the Network Security category of cybersecurity.
How do you manage DNS over HTTPS (DoH) in an enterprise?
DoH is itself a protective control rather than a threat. Organisations that need to keep DNS-based filtering in effect typically combine technical controls (blocking public DoH endpoints or pointing clients at an internal resolver through enterprise overrides) with operational practices, as described in the full definition above.
What are other names for DNS over HTTPS (DoH)?
The common short name is DoH; the protocol is specified in RFC 8484.