How to ensure online safety with DNS over HTTPS
Concerned about data privacy issues, companies are implementing innovative tools to protect users against Internet tracking and inappropriate data collection and usage.
With the increasing use of the Internet, security risks and data confidentiality threats are becoming more serious. Today many organizations, service providers, and third-party entities secretly and sometimes even illegally obtain and sell user information.
Concerned about data privacy issues, companies are implementing innovative tools to ensure the highest protection against tracking and inappropriate data collection and usage. The goal is to help users feel secure about their online activities that may include visiting different websites, making purchases, sharing or exchanging data, and more.
DNS (Domain Name System) is a naming system for websites, computers, services, or other resources connected to the Internet, where each device/service is given a unique IP (Internet Protocol) address. In effect, it is the phonebook of the Internet: it maps host and domain names to their actual numerical IP addresses.
This way, people can access services or content online through domain names that look like bbc.com or yahoo.com. Thanks to DNS, there is no need for memorizing IP addresses. Although it’s seemingly impossible to imagine the existing online world without DNS, there are some challenges associated with data protection that have to be solved.
Now it’s very important to integrate security mechanisms for protecting DNS traffic. Although web traffic and other communications can be secured with cryptographic protocols (e.g., TLS, Transport Layer Security) and other tools, the DNS requests a user sends to the server and the responses the server sends back are not encrypted. This data is transmitted mostly as plain text. It therefore exposes the hostnames browsed by the user, which creates the risk of Internet tracking.
This means that your provider or a third party can easily trace and log websites that you visit and collect information. By monitoring the communication channel, an intruder can intercept unprotected personal data and use it to their advantage, say, for filtering content or for advertising purposes.
What’s more, besides passive “eavesdropping”, users can face more active attacks on their DNS traffic, for instance, DNS spoofing by the provider. In this practice, a domain name is made to point to another system, either by distorting the cached data of the name service or by specifying a “valid” domain to the domain name server.
DNS over HTTPS (DoH) protocol was created to solve all of these issues. At the moment, it is supported by Google, Cloudflare, and Mozilla Foundation.
What is DNS over HTTPS?
In 2016, an innovative experimental protocol — DNS over HTTPS — was launched. On June 26, 2019, in its blog about security, Google announced general availability for DoH service.
A new IETF (Internet Engineering Task Force) standard published as RFC 8484, DoH encapsulates DNS queries into HTTPS packets, converting them into encrypted traffic. Encryption guarantees that the traffic won’t be scanned or changed. It also ensures that a fake DNS server won’t be able to receive or process requests.
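The encapsulation described above, as an added example that is not part of the original article: it builds a DNS query in wire format, shows the GET request form RFC 8484 defines for it, and decodes it again as the resolver does. The hostname and the `/dns-query` endpoint path are assumed sample values.

```python
import base64
import struct

def build_query(hostname, qtype=1):
    """One-question DNS query in wire format (RFC 1035), class IN."""
    # ID 0 as RFC 8484 advises for HTTP cache friendliness; 0x0100 = RD flag.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in hostname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid DNS label: {label!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def doh_get_path(query, endpoint="/dns-query"):
    """RFC 8484 GET form: the query as unpadded base64url in 'dns'."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={b64}"

def qname_from_doh_path(path):
    """Recover the queried name, as the DoH server (or a TLS-terminating
    proxy that logs DNS for detection) does after decryption."""
    b64 = path.split("dns=", 1)[1]
    wire = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    labels, pos = [], 12  # question section follows the 12-byte header
    while wire[pos] != 0:
        length = wire[pos]
        labels.append(wire[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

SAMPLE_HOST = "www.example.com"  # constructed sample input
QUERY = build_query(SAMPLE_HOST)
PATH = doh_get_path(QUERY)

if __name__ == "__main__":
    # On port 53 these bytes travel as-is: the labels are readable on the wire.
    print("plaintext DNS payload:", QUERY)
    # With DoH the same bytes ride inside HTTPS; base64url is only encoding,
    # the confidentiality comes from the TLS layer underneath.
    print("DoH request: GET", PATH, "accept: application/dns-message")
    print("name seen by the resolver:", qname_from_doh_path(PATH))
```

The DoH resolver still sees every name in full, so the protocol moves visibility from the network path to the chosen resolver rather than removing it.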
The principal objective of DoH is to improve security and provide safety for user data on the Internet by guarding against eavesdropping and manipulation of DNS traffic. Testing of ISP DNS resolvers has found that slow response time is a frequent problem for users.
Since there are some circumstances where it becomes necessary to resolve multiple hostnames when loading a web page, this issue may get aggravated. So, another task of the DoH protocol is to fix this problem by increasing the overall performance.
How Chrome and Firefox are adopting DoH
Recently, both Google Chrome and Mozilla Firefox have announced the integration of DNS encryption using DNS over HTTPS. On September 6, 2019, Mozilla announced an important step to make this service the default in one of the future releases of its browser. Just four days later, on September 10, 2019, Chromium developers announced the same decision for their browser.
Mozilla started working on the DoH protocol in 2017 and has been experimenting with it since June 2018. As a result of testing, it ensured that the service provides high performance without conflicting with parental control settings and corporate policies. If there are such settings or some other issues associated with DNS resolution are identified, DoH is turned off.
The organization’s plan is to start small and grow gradually. In the beginning, the plan is to switch on DNS over HTTPS in Firefox for a small audience in the USA and monitor the service functionality and the implementation process as a whole. If there are some problems, the task is to solve them and find a way to prevent them. When developers make sure that everything is okay, DoH will be deployed for all users.
Unlike Mozilla, which is adopting the new feature by degrees, Google decided to conduct an experiment without geographic limitations in the next build of Chrome 78. It is noteworthy that the testing of DNS over HTTPS in Chrome will run on all supported platforms (except Linux and iOS operating systems) for a fraction of the audience.
Google connected six DoH-compatible providers to the experiment that were picked due to their high level of digital trust and security. This list includes Google, Cloudflare, Cleanbrowsing, and others.
As a result of these significant efforts towards encrypting traffic and increasing online security, users will feel confident in the privacy of their data.
To sum up, DNS over HTTPS is an important measure of improving user safety on the Internet. First, the DoH protocol doesn’t let other users, service providers, or third parties view which websites you visit and collect data.
Second, it prevents potential threats like spoofing or pharming attacks (the goal of a pharming attack is to redirect the actual site traffic to the fake site). This benefit has tremendous prospects to increase online data security and privacy.
Daniel is a CEO at YSBM Group with 8 years of experience in IT business management. He pays great attention to the implementation of the latest IT technologies and innovations, and to their optimization for business tasks.
Daniel is constantly striving to gain new knowledge in the most popular areas of the IT industry, such as cloud computing, RPA, Big Data, IT outsourcing, and much more. He gladly shares useful information in articles and is always ready to discuss interesting projects.