DNS over HTTPS (DoH)

DNS over HTTPS (DoH) is a protocol designed to enhance the privacy and security of DNS queries by encrypting them and transmitting them over the HTTPS protocol. Traditional DNS queries are sent in plaintext, making them vulnerable to interception and manipulation. DoH eliminates this vulnerability by encapsulating DNS queries within encrypted HTTPS traffic.

How Does DoH Work?

DoH works by sending DNS queries as HTTPS requests to a DoH server. Here’s an overview of the process:

  1. You enter a domain name (e.g., example.com) into your browser.
  2. Instead of sending a plaintext query to a DNS resolver over port 53, your browser or application sends the DNS query encrypted over HTTPS (port 443).
  3. The encrypted query is sent to a DoH-enabled DNS resolver. The server decrypts the query, processes it, and determines the corresponding IP address.
  4. The DoH server encrypts the response and sends it back to your device.
  5. Your device uses the IP address to establish a secure connection to the website or service.

This process ensures that DNS queries are not visible to third parties, such as ISPs or attackers monitoring network traffic.

Benefits of DNS over HTTPS

DoH offers several advantages over traditional DNS:

  • DoH encrypts DNS queries, making them indecipherable to eavesdroppers and protecting user privacy.
  • By using the same port (443) as HTTPS web traffic, DoH queries are indistinguishable from regular web traffic, making them harder to block or filter.
  • By securing the communication between clients and resolvers, DoH reduces the risk of DNS spoofing attacks, where malicious actors redirect users to fraudulent websites.
  • DoH prevents ISPs and other intermediaries from monitoring or logging DNS queries, enhancing user anonymity.

Challenges and Considerations

While DoH provides significant privacy and security benefits, it also introduces some challenges:

  • Many popular DoH resolvers are operated by large companies (e.g., Google, Cloudflare). This can lead to centralisation, where a few entities handle a significant portion of DNS traffic. DoH does not prevent your DNS provider from seeing the websites you visit, and this can be used for profiling and ad targeting.
  • DoH may introduce slight latency compared to traditional DNS, as encrypted queries require additional processing.
  • Not all devices and networks natively support DoH. Users may need to configure browsers or operating systems to enable it.

How to Use DNS over HTTPS

To take advantage of DoH, you can:

  • Use DoH-Enabled Browsers: Many modern browsers, such as Mozilla Firefox and Google Chrome, have built-in support for DoH. You can enable it in the browser’s settings.
  • Configure Your Operating System: Some operating systems, like Windows and Android, offer system-wide DoH support.

UK DNS Privacy Project

UK DNS Privacy Project integrates DoH as part of its mission to provide secure and private DNS services. By leveraging DoH, we ensure that your DNS queries remain confidential and are protected against eavesdropping and manipulation. Our DoH servers are based in the UK, guaranteeing low latency and GDPR-compliant data handling.

For more information about DNS privacy and other secure protocols like DNS over TLS (DoT), explore the related documentation pages.
