How to use the DNS Over HTTPS (DoH) protocol to improve online security
Introduction to DNS Over HTTPS (DoH)
DNS (Domain Name System) translates website domain names, such as pcbuyerbeware.co.uk, into their numerical IP addresses. If you enter a website’s IP address into a web browser instead of its domain name, the browser brings up the website.
If you want to find out what the IP address is for a particular domain name in Windows, enter the cmd command in the Search box. This brings up a Command Prompt. Type the command tracert [domain name] at the prompt and press Enter.
Ordinary DNS requests are sent over an unencrypted connection
Even if you are visiting a site using HTTPS, the DNS request for its domain name (pcbuyerbeware.co.uk) is sent to a DNS server over an unencrypted connection. That means that even if you are browsing https://www.pcbuyerbeware.co.uk, anyone listening to packets on the network knows you are visiting pcbuyerbeware.co.uk. In short, the connection is not fully secure. Unencrypted DNS also makes it relatively easy for someone with the knowledge to change DNS responses and route unsuspecting visitors to their phishing, malware or surveillance site. DNS Over HTTPS (DoH) is the technology that sends DNS requests over the HTTPS protocol, which removes that security loophole.
Microsoft’s implementation of DNS Over HTTPS in Windows 10
Microsoft says that its implementation of DoH in Windows 10 will obey the default DNS server and will only enable DoH itself if the default DNS server, or the one you choose, supports it.
Microsoft Is Adding DoH to Windows 10 –
Web browsers that support DoH
The Mozilla Firefox and Google Chrome web browsers support DoH.
Instructions are available on the web on how to enable DoH in Chrome.
How to Enable DoH in Microsoft Edge –
Here is the click path to enable DoH in Firefox:
Main menu => Tools => Options => General tab => Go to its bottom => Network Settings => Settings button => Go to its bottom => Enable DNS Over HTTPS – as shown in the image below.
By default, Firefox uses the Cloudflare implementation of DoH. There is an option to choose other providers.
Privacy declaration if you choose Cloudflare’s implementation of DNS Over HTTPS –
“Unfortunately, by default, DNS is usually slow and insecure. Your ISP, and anyone else listening in on the Internet, can see every site you visit and every app you use — even if their content is encrypted.”
Click path to enable DoH in Firefox: Tools => Options => General tab => Network Settings => Settings => Connection Settings
The DoH setting is at the bottom of the image below.