DNS over HTTPS

DNS is used to resolve the name of a website to its IP address, which can then be used to retrieve the actual content from the server. Plain DNS queries are unencrypted and can be read as well as modified by any party between you and your DNS server. DNS over HTTPS uses TLS to achieve confidentiality and integrity. The technique behind traditional DNS and DNS over HTTPS is explained by Mozilla in an article.

DNS follows a distributed approach, making it hard, even for skilled attackers, to accumulate information about many parties. However, DNS over HTTPS is centralized around a few servers, at least in its current state. If one of those few servers becomes the target of a successful attack, large parts of the whole internet are threatened.

Cloudflare explains how developers can try their DNS over HTTPS service from the command line:

% curl -H 'accept: application/dns-json' 'https://cloudflare-dns.com/dns-query?name=example.com&type=AAAA'
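As an added example (not from the original article and not Cloudflare's own code), the following Python script builds the same dns-json request as the curl command above and parses the JSON answer, reporting the response code and whether the resolver set the AD (DNSSEC-validated) flag. The sample response body is constructed for illustration, and the address in it is a documentation prefix, not a real answer.

```python
import json
import urllib.parse
import urllib.request

# Record type numbers as they appear in the dns-json "type" fields.
RR_TYPES = {"A": 1, "CNAME": 5, "TXT": 16, "AAAA": 28}
# Response codes (the "Status" field) worth naming when reading a result.
RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
DOH_ENDPOINT = "https://cloudflare-dns.com/dns-query"


def build_doh_request(name, qtype="AAAA", endpoint=DOH_ENDPOINT):
    """Build the GET request the curl command sends: name/type params, dns-json accept header."""
    query = urllib.parse.urlencode({"name": name, "type": qtype})
    return urllib.request.Request(f"{endpoint}?{query}",
                                  headers={"accept": "application/dns-json"})


def parse_dns_json(body, qtype):
    """Return (rcode name, dnssec validated, [record data]) from a dns-json response body."""
    doc = json.loads(body)
    status = doc.get("Status")
    rcode = RCODE_NAMES.get(status, f"RCODE{status}")
    wanted = RR_TYPES[qtype]
    # Keep only answers of the requested type; CNAME entries in the chain are skipped.
    data = [rr["data"] for rr in doc.get("Answer", []) if rr.get("type") == wanted]
    # AD is set by the resolver only when the answer passed DNSSEC validation.
    return rcode, bool(doc.get("AD", False)), data


def resolve(name, qtype="AAAA", timeout=5):
    """Perform the live DoH query over TLS (network access required)."""
    with urllib.request.urlopen(build_doh_request(name, qtype), timeout=timeout) as resp:
        return parse_dns_json(resp.read().decode("utf-8"), qtype)


# Constructed sample in the dns-json shape; not a captured response.
SAMPLE_BODY = json.dumps({
    "Status": 0, "TC": False, "RD": True, "RA": True, "AD": True, "CD": False,
    "Question": [{"name": "example.com", "type": 28}],
    "Answer": [{"name": "example.com", "type": 28, "TTL": 300, "data": "2001:db8::1"}],
})

if __name__ == "__main__":
    print("sample:", parse_dns_json(SAMPLE_BODY, "AAAA"))
    try:
        print("live:", resolve("example.com", "AAAA"))
    except OSError as exc:
        print("live query failed:", exc)
```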