What is DNS-Over-HTTPS?
We first need to understand what DNS is. It is the system that converts the friendly name you type (for example www.google.com) into an IP address the computer can use to find the resource you are looking for and get the response back to you. Most users only ever notice it in the browser, but every operating system relies on it for all kinds of communication with other systems, whether on your local network or out on the internet.
Currently the operating system (Windows, macOS, Linux etc.) does all of these lookups through one centralised resolver, which every application on the machine shares.
However these requests are sent in clear text to the DNS servers (classically over UDP port 53). This has security implications: anyone on the path can read them, and they are open to abuse such as DNS poisoning and man-in-the-middle attacks, where the answer is altered so that the client is sent to a server the attacker controls.
Step in DoH (and DoT, which is not covered in this article).
How does DoH help? In essence the browser takes over the lookup: instead of handing the name to the operating system's resolver, it sends the DNS query itself inside an HTTPS connection to a dedicated DoH resolver (the provider chosen in the browser's settings). Because the query and the answer travel over TLS, nobody on the network path can read or tamper with them. Note that the DoH provider itself still sees every name you look up.
So what’s the issue?
For home users very little; in fact for the vast majority of people it is a good idea, provided you are comfortable with a third party (the DoH provider) handling all of your DNS requests and the privacy implications that brings.
For business users this can cause big issues. Why? Most organisations run their own DNS servers, and those servers hold records for resources that are either only reachable internally or are routed via a secure channel (a VPN, for example); this is often called split-horizon DNS. A public DoH resolver has never heard of those names, so with DoH enabled lookups for these resources will fail, or may return the wrong (public) address instead of the internal one. In these circumstances you will need to disable DoH in the browser, or point it at the organisation's own resolver, in order to access these resources.
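To make the two points above concrete (the browser building the query itself and sending it over HTTPS, and a public resolver not knowing an internal name), here is an added example that is not part of the original article. It builds a wire-format DNS query, encodes it the way an RFC 8484 GET request carries it, and reads back two responses. The resolver URL, the host names and both responses are constructed for illustration; nothing is sent over the network.

```python
"""Added example: what a DNS-over-HTTPS (RFC 8484) GET request looks like and
how the wire-format answer is read back. The resolver URL and the responses
below are constructed for illustration; nothing is sent on the network."""
import base64
import struct

# Hypothetical resolver endpoint; real providers publish their own /dns-query URL.
RESOLVER_URL = "https://doh.example.net/dns-query"


def encode_name(name):
    """Encode a dotted hostname as DNS labels: length byte + label, ending in 0x00."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qtype=1):
    """Wire-format DNS query (RFC 1035): 12-byte header + one question (QCLASS IN).
    The transaction ID is 0, as RFC 8484 recommends for GET so the URL is cacheable."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # flags: RD set
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def doh_get_url(resolver_url, query):
    """Client side, RFC 8484 section 6: the message goes in ?dns= as base64url, padding removed."""
    param = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={param}"


def decode_dns_param(param):
    """Server side: restore the padding and decode the ?dns= value back to wire format."""
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name starting at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            return off + 2
        off += 1 + length


def parse_response(msg):
    """Return (rcode, [A-record IPs]) from a wire-format DNS response."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F  # 0 = NOERROR, 3 = NXDOMAIN
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    ips = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in rdata))
    return rcode, ips


def constructed_response(name, rcode, ip=None):
    """Build the response a resolver could return (constructed test data, not a capture)."""
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1
    ancount = 1 if ip else 0
    msg = struct.pack("!HHHHHH", 0, flags, 1, ancount, 0, 0)
    msg += encode_name(name) + struct.pack("!HH", 1, 1)
    if ip:
        rdata = bytes(int(o) for o in ip.split("."))
        # 0xC00C is a pointer back to the name at offset 12 (the question)
        msg += b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
    return msg


if __name__ == "__main__":
    q = build_query("www.example.com")
    print(doh_get_url(RESOLVER_URL, q))
    # Public name: the DoH resolver answers.
    print(parse_response(constructed_response("www.example.com", 0, "192.0.2.10")))
    # Split-horizon name only the corporate resolver knows: public DoH says NXDOMAIN.
    print(parse_response(constructed_response("intranet.corp.example", 3)))
```

The second constructed response is the business-user failure mode from the text: the browser never asks the corporate resolver, so the public DoH provider returns NXDOMAIN (rcode 3) for the internal name and the lookup fails in the browser even though the same name works from the command line.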
Enabling and disabling DNS-over-HTTPS For Mozilla (Firefox)
Firefox is in the process of turning this ON by default from September 2019 (initially for users in the US).
- Click the menu button and choose Options.
- In the panel, scroll down to Network Settings and click the Settings… button.
- In the dialog box that opens, scroll down to Enable DNS over HTTPS.
- On: Select the Enable DNS over HTTPS checkbox. Select a provider or set up a custom provider.
- Off: Deselect the Enable DNS over HTTPS checkbox.
- Click OK to save your changes and close the window.
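As an added example that is not part of the original article, the same on/off choice applied by an administrator for every user rather than through the settings dialog: Firefox reads an enterprise policy file named policies.json from a distribution folder next to the Firefox executable, and its DNSOverHTTPS policy takes the keys Enabled, ProviderURL and Locked. This file turns DoH off and locks the setting so the checkbox above is greyed out.

```json
{
  "policies": {
    "DNSOverHTTPS": {
      "Enabled": false,
      "Locked": true
    }
  }
}
```

To instead force DoH on with a resolver of your own choosing, set "Enabled" to true and add a "ProviderURL" key with the resolver's /dns-query address (use the organisation's own DoH endpoint if it has one; a public provider will not know internal names). Per profile, the equivalent switches are the about:config preferences network.trr.mode (2 = DoH first with fallback, 3 = DoH only, 5 = off) and network.trr.uri.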
Enabling and disabling DNS-over-HTTPS For Chrome
At the time of writing DoH is OFF by default in Chrome, with no immediate plans to turn it on by default, so no changes need to be made for now.