Internet giants like Microsoft, Google, and Mozilla are pushing forward with DNS over HTTPS (DoH). In this post, we explain how DNS over HTTPS (DoH) will boost privacy online.
This new technology will encrypt DNS lookups, improving online privacy and security. But it is controversial: Comcast is lobbying against it. Here is what you need to know about it.
What Is DNS Over HTTPS (DoH)?
The web has been pushing towards encrypting everything by default. At this point, most of the websites you access are likely using HTTPS encryption.
Modern web browsers like Google Chrome now mark any sites using standard HTTP as “not secure.” HTTP/3, the new version of the HTTP protocol, has encryption baked in.
This encryption makes sure that no one can tamper with a web page while you are viewing it or snoop on what you are doing online. For example, if you connect to Wikipedia.org, the network operator (whether that is a business’s public Wi-Fi hotspot or your ISP) can only see that you are connected to wikipedia.org. They cannot see which article you are reading, and they also can’t modify a Wikipedia article in transit.
However, in the push towards encryption, DNS has been left behind. The domain name system basically makes it possible to connect to websites through their domain names rather than by using numerical IP addresses.
You type a domain name like google.com, and your system will contact its configured DNS server to get the IP address associated with google.com.
After that, it will connect to that IP address.
Until now, these DNS lookups have not been encrypted. When you connect to a website, your system fires off a request saying you are looking for the IP address associated with that domain.
Anyone in between (possibly your ISP, but perhaps also just a public Wi-Fi hotspot logging traffic) could log which domains you are connecting to. DNS over HTTPS closes this oversight.
With DNS over HTTPS, your system will make a secure, encrypted connection to your DNS server and transfer the request and response over that connection. Anyone in between will not be able to see which domain names you are looking up or tamper with the response.
Today, most people use the DNS servers provided by their internet service provider. However, there are many third-party DNS servers too, like Cloudflare’s 126.96.36.199, Google Public DNS, and OpenDNS.
These third-party DNS providers are among the first to enable server-side support for DNS over HTTPS. To use DNS over HTTPS, you will need both a DNS server and a client (like a web browser or operating system) that supports it.
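To make the mechanism concrete, here is an added example (not from the original article) of the request format defined in RFC 8484, the DoH standard: an ordinary DNS query is base64url-encoded into an HTTPS GET, and the answer comes back as an `application/dns-message` body. The endpoint `doh.example`, the function names and the sample reply are constructed for illustration.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1) -> bytes:
    """DNS wire-format query (RFC 1035) for one question, class IN."""
    msg = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID 0 (cache-friendly), RD=1
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        msg += bytes([len(raw)]) + raw
    return msg + b"\x00" + struct.pack("!HH", qtype, 1)

def doh_get(template: str, name: str):
    """URL and headers of the GET that carries the lookup (base64url, no padding)."""
    if not template.startswith("https://"):
        raise ValueError("DoH endpoints must be https://")
    dns = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    return f"{template}?dns={dns}", {"Accept": "application/dns-message"}

def _skip_name(msg: bytes, off: int) -> int:
    while msg[off] and msg[off] & 0xC0 != 0xC0:   # walk plain labels
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)           # pointer is 2 bytes, root label 1

def parse_a_records(content_type: str, body: bytes) -> list:
    """IPv4 addresses from a DoH response body; rejects other media types."""
    if content_type != "application/dns-message":
        raise ValueError("unexpected media type")
    _id, flags, qd, an = struct.unpack_from("!HHHH", body)
    if flags & 0x000F:
        raise ValueError(f"resolver returned rcode {flags & 0xF}")
    off = 12
    for _ in range(qd):
        off = _skip_name(body, off) + 4           # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(body, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", body, off)
        if rtype == 1 and rdlen == 4:             # A record
            addrs.append(".".join(map(str, body[off + 10:off + 14])))
        off += 10 + rdlen
    return addrs

# Constructed sample: hypothetical endpoint, documentation address 192.0.2.1.
URL, HEADERS = doh_get("https://doh.example/dns-query", "www.example.com")
REPLY = (struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0) + build_query("www.example.com")[12:]
         + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
print(URL, parse_a_records("application/dns-message", REPLY))
```

On the wire, the whole URL and body travel inside the TLS session, so an on-path observer sees only a connection to the DoH server, not the name being looked up.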
Who Will Support DNS Over HTTPS?
Google and Mozilla are already testing DNS over HTTPS in Google Chrome and Mozilla Firefox. On November 17, 2019, Microsoft announced it will adopt DNS over HTTPS in the Windows networking stack.
This will make sure every application on Windows gets the benefits of DNS over HTTPS without being explicitly coded to support it.
Google says it will also enable DoH by default for 1% of users starting in Chrome 79, expected for release on December 10, 2019. When that version is released, you will also be able to go to chrome://flags/#dns-over-https to enable it.
Mozilla says it will enable DNS over HTTPS for everyone in 2019. In the current stable version of Firefox today, you can head to menu > Options > General, scroll down, and click “Settings” under Network Settings to find this option. Then simply activate “Enable DNS over HTTPS.”
Apple has not yet commented on plans for DNS over HTTPS, but we expect the company to follow and implement support in iOS and macOS along with the rest of the industry.
It is not enabled by default for everyone yet, but DNS over HTTPS should make using the internet more private and secure once it is finished.
Why Is Comcast Lobbying Against It?
This does not sound very controversial so far, but it is. Comcast has apparently been lobbying Congress to stop Google from rolling out DNS over HTTPS.
In a presentation given to lawmakers and obtained by Motherboard, Comcast argues that Google is pursuing “unilateral plans” (“along with Mozilla”) to activate DoH and “[centralize] a majority of worldwide DNS data with Google,” which would “mark a fundamental shift in the decentralized nature of the Internet’s architecture.” Much of this is, quite frankly, false. Mozilla’s Marshall Erwin told Motherboard that “the slides overall are extremely misleading and inaccurate.”
In a blog post, Google’s Chrome product manager Kenji Baheux points out that Google Chrome will not be forcing anyone to change their DNS provider. Chrome will also obey the system’s current DNS provider: if it does not support DNS over HTTPS, Chrome won’t use DNS over HTTPS.
And, in the time since, Microsoft has announced plans to support DoH at the Windows OS level. With Microsoft, Google, and Mozilla embracing it, this is hardly a “unilateral” scheme from Google only.
Some have theorized that Comcast does not like DoH because it can no longer collect DNS lookup data. However, Comcast has promised it is not spying on your DNS lookups.
The company also insists that it supports encrypted DNS but wants a “collaborative, industry-wide solution” rather than “unilateral action.” Comcast’s messaging is messy: its arguments against DNS over HTTPS were clearly meant for lawmakers’ eyes and not for the public’s.
How Will DNS Over HTTPS Work?
Setting Comcast’s strange objections aside, let’s take a look at how DNS over HTTPS will actually work. When DoH support goes live in Chrome, Chrome will use DNS over HTTPS only if the system’s current DNS server supports it.
In other words, if you have Comcast as your internet service provider and Comcast refuses to support DoH, then Chrome will work as it does today without encrypting your DNS lookups.
If you have another DNS server configured—perhaps you have chosen Cloudflare DNS, Google Public DNS, or OpenDNS, or maybe your ISP’s DNS servers do support DoH—Chrome will use encryption to talk to your current DNS server, automatically “upgrading” the connection.
Many users might choose to switch away from DNS providers that do not offer DoH (like Comcast’s), but Chrome will not automatically do this. This also means that any content-filtering solutions that use DNS won’t be interrupted.
Mozilla Firefox works a bit differently. Mozilla has chosen to go with Cloudflare as Firefox’s encrypted DNS provider in the US. Even if you have a different DNS server configured, Firefox will send your DNS requests to Cloudflare’s 188.8.131.52 DNS server. Firefox will let you disable this option or use a custom encrypted DNS provider, but Cloudflare will be the default.
Microsoft says DNS over HTTPS in Windows 10 will work similarly to Chrome. Windows 10 will obey your default DNS server and only enable DoH if your choice of DNS server supports it.
However, Microsoft also says it will guide “privacy-minded Windows users and administrators” to DNS server settings. Windows 10 might encourage you to switch DNS servers to one that is secure with DoH, but Microsoft says Windows will not make the switch for you.