What is encrypted DNS / DoT (DNS over TLS) or DoH (DNS over HTTPS)?

DNS over TLS is long overdue, and here’s why.

Should I care and does it affect me?

Yes.

TLS, or Transport Layer Security, is the same technology that protects your browsing when using HTTPS. It basically wraps HTTP in a secure tunnel, so that no one in between can see or manipulate what’s going on. You know it from the green lock in your browser, which tells you that the connection is protected.

The same technology is available for DNS, to protect your DNS queries from being spied on or manipulated.

What’s a DNS query anyway?

DNS, or Domain Name System, is the thing that makes it possible for you to enter an address like example.com in your browser and have it point to an IP address, so that you can reach that website. It basically turns human-readable, memorable names into less memorable numbers, so that you don’t have to remember them! It also allows for more advanced things that are out of the scope of this article. But basically, it’s a core part of the internet and you use it every day. 🙂

What can happen if my DNS is not protected?

You can be spied on by anyone on the line. That means your ISP while you’re browsing at home or on cellular data. Also, your hotel, café, airport or other public place while you are using its open Wi-Fi, and everyone that is nearby. And your employer while you’re at work.

OK I don’t care. Is there a better argument than privacy?

Yes. Manipulation. Unprotected DNS also means that anyone on the line can manipulate your requests, which can be used for censorship or to point you to a malicious copy of a website for phishing. Such an attack is called a MITM (man-in-the-middle) attack. This can lead, for example, to loss of money and even identity theft. Phishing is a real issue that many people still fall for.

Are there other ways to protect DNS besides DoT?

Yes, there is also DoH, which is DNS over HTTPS. It is essentially the same as DoT, except that DNS goes through HTTP, which in turn goes through TLS; together, those two make up the well-known HTTPS.
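To make that layering concrete, here is an added example (not from the original post) that builds one DNS query and wraps it the way DoT (RFC 7858) and DoH (RFC 8484) each do before it enters the TLS tunnel. The function names are illustrative, and the `/dns-query` path is an assumption taken from the RFC's examples; each resolver publishes its own.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1, qid: int = 0) -> bytes:
    """Encode a standard DNS query (RFC 1035). qtype 1 = A record."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class 1 = IN

def dot_frame(msg: bytes) -> bytes:
    """DoT (RFC 7858): 2-byte length prefix + message, sent inside TLS on port 853."""
    return struct.pack("!H", len(msg)) + msg

def dot_unframe(frame: bytes) -> bytes:
    """Recover the DNS message from one DoT frame, rejecting a bad length."""
    (length,) = struct.unpack("!H", frame[:2])
    if length != len(frame) - 2:
        raise ValueError("length prefix does not match frame size")
    return frame[2:]

def doh_get_target(msg: bytes, path: str = "/dns-query") -> str:
    """DoH (RFC 8484) GET: unpadded base64url message in the `dns` parameter.
    The path is an assumption; each resolver publishes its own URI."""
    b64 = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return f"{path}?dns={b64}"

def doh_decode_target(target: str) -> bytes:
    """Recover the DNS message from a DoH GET request target."""
    b64 = target.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))

def qname_of(msg: bytes) -> str:
    """Read the question name (a single-question query has no compression pointers)."""
    labels, pos = [], 12  # the question starts after the 12-byte header
    while msg[pos] != 0:
        n = msg[pos]
        labels.append(msg[pos + 1 : pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)

if __name__ == "__main__":
    q = build_query("example.com")  # constructed sample query
    print("plain DNS payload, readable on the wire:", q)
    print("DoT frame (goes inside TLS):", dot_frame(q).hex())
    print("DoH target (goes inside HTTPS):", doh_get_target(q))
    print("name recovered from either:", qname_of(dot_unframe(dot_frame(q))))
```

The base64url in the DoH target is only an encoding; in both cases the protection comes from the TLS layer underneath, and the DNS message inside is byte-for-byte the same one that plain DNS would send in the clear.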

How do I set it up? Is it easy?

Yes! If you’re on Android 9 or newer, or on a computer using Firefox, you can easily set it up! And I’ll post follow-up guides on how to do so. There are also ways on other platforms, which require a bit more involvement.
