How is the implementation of DNS-over-HTTPS

Let’s talk about browser developers using the new protocol. Let us explain why Internet providers and regulators of the USA and Great Britain oppose this initiative.


/ Unsplash / Pietro jeng

Who is implementing

Developers from Mozilla are testing DNS-over-HTTPS since the summer of 2018. In February this year, the company made DoH the default protocol for all US users. Its support is automatically activated when installing the browser. In the future, this practice will be extended to other countries. Interestingly, the developers chose quite aggressive policy of introducing new items. Firefox will automatically change the DNS provider for the user if the current operator does not support encryption of requests to the domain name system.

Deploys DoH and another browser vendor – Google. Test protocol have begun back in Chrome 78. Full support added in the public release of version 83, which was released a month ago. Unlike colleagues, Google took a softer approach to the implementation of the new protocol. The corporation browser will enable DoH only if the user’s provider is in the list of compatible. Otherwise, the browser will work without encrypting DNS queries.

About what else we write in our blog on Habré:

  • How “swirling light” got into optical networks
  • FCC opens 6 GHz band for wireless networks – why not everyone thinks it’s a good idea
  • Discussion: 172 Tbit / s – a new record for data transmission speed for multicore optics

New protocol activated and in Opera, encrypted traffic is routed through the DNS service of one of the western cloud providers. Are planning introduce DoH and the authors of Brave, but still can not give an exact implementation date.

Who opposes

DNS-over-HTTPS is opposed by some Western Internet providers. According to them, the new protocol interferes with the work of system administrators. Because traffic is encrypted, it’s more difficult for them to block potentially malicious sites on corporate and private networks. The protocol also complicates the search for virus attacks that are already have learned Encapsulate traffic in DoH and use it for your own purposes. For example, last summer, experts from Netlab discovered Godlua virus. The malware used DoH to get the text records (TXT) of the domain name and extracted the URLs of the management servers.

Representatives of telecommunications companies also celebratethat DoH deprives users of the ability to configure parental controls – since traffic cannot be distinguished. However, browser developers offer solutions to the problem. For example, Firefox automatically disconnect DoH if the user has activated the parental controls functions.


/ Unsplash / Rishi deep

U.S. telecoms are also worried that large companies such as Google may take advantage of their market power and convince users to connect to the company’s DNS servers. This situation can lead to traffic centralization. At the end of last year, Internet providers even prepared a presentation on this topic made by members of the US Congress. Now the american regulator is planning Check if DNS-over-HTTPS will damage the network security and healthy competition in the market.

The UK regulator also expresses its concerns regarding DoH. There, providers use DNS to implement filters for prohibited content, the settings of which regulated legislation. Encryption of traffic in DoH can interfere with their work. However in mozilla already notedthat will not activate DNS-over-HTTPS in the country. Despite this, British Telecommunications still supports the new protocol – in the company convincedthat encrypting DNS queries will increase user security.

In any case, the issue of mass distribution of DNS-over-HTTPS is still open, despite the initiatives of browser developers. But when more people start using the protocol, it will become clear in which direction regulation will continue to develop.

Materials from our corporate blog:

Similar Posts

Leave a Reply