DNS name resolution with HTTPS
Confidential Game
DoH in Everyday Operations
The popular DNS servers already offer DoH interfaces. If you forward the requests from a proxy web server, you can hide them in your normal HTTPS traffic. However, the classic HTTP authentication methods for authenticating clients before they use the DNS server do not work. To implement a modicum of protection for your DoH server, you can adapt the URL for the request. This approach also allows your HTTP proxy to address different back-end servers based on the URL and return filtered responses for some users.
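One way to set up the URL-based protection described above, as an added nginx example that is not from the original article. The host name, certificate paths, path tokens, and back-end ports are placeholders, and the two back ends are assumed to be DoH services that accept plain HTTP on localhost.

```nginx
# Added example: all names, paths, tokens, and ports are placeholders.
# Back-end DoH services (assumed to listen for plain HTTP on localhost).
upstream doh_unfiltered { server 127.0.0.1:8053; }  # resolver without filtering
upstream doh_filtered   { server 127.0.0.1:8054; }  # resolver with a blocklist

server {
    listen 443 ssl;
    server_name www.example.org;
    ssl_certificate     /etc/nginx/tls/example.org.crt;
    ssl_certificate_key /etc/nginx/tls/example.org.key;

    # The regular website; DoH requests share its host name and certificate.
    location / {
        root /var/www/html;
    }

    # The path token is the only thing protecting the resolver, so match it
    # exactly and keep it (and the ?dns= query data) out of the access log.
    location = /REPLACE-WITH-RANDOM-TOKEN-A/dns-query {
        access_log off;
        limit_except GET POST { deny all; }   # DoH uses GET and POST only
        proxy_pass http://doh_unfiltered/dns-query;
    }

    # A second token sends a different group of users to the filtered back end.
    location = /REPLACE-WITH-RANDOM-TOKEN-B/dns-query {
        access_log off;
        limit_except GET POST { deny all; }
        proxy_pass http://doh_filtered/dns-query;
    }

    # Requests to the conventional path without a token get no resolver.
    location = /dns-query {
        return 404;
    }
}
```

Clients then use `https://www.example.org/<token>/dns-query` as their DoH URL. Because the token travels inside the URL, treat it like a shared password: generate it randomly and replace it when a user leaves the group.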
Conclusions
All Internet communication is built on DNS, yet the tried-and-tested service by no means receives the attention it deserves. DoT and DoH change the outlook. This article provides insight into how DNS over HTTPS works. In this case, too, innovation has two sides; you will need to assess the advantages and disadvantages of DoH on individual merit. Common software tools such as web browsers already support it.
Therefore, it is up to you to decide whether to continue using your provider's DNS service, whether encrypted or unencrypted, or whether to switch to a provider with a clear focus on data protection, possibly even including malware protection. As an administrator, you will definitely want to keep an eye open for potentially hidden DoH traffic on your network.