Safe Surfer invests in modern technologies to make surfing the web a safer experience for you. We have been keeping our eye on a new set of technologies that is being freshly released to devices by major technology companies and organisations via device updates: DNS over HTTPS (DoH) and DNS over TLS (DoT). Apple, Microsoft, Google, and Mozilla have been releasing support for DoH and DoT into their products since 2019 and 2020.
DNS operates on computer servers, and it is like a telephone book for devices. Most people automatically use the DNS servers that their Internet Service Provider (ISP) provisions by default. When you use broadband or mobile data and you do not manually configure your device or router to use a specific DNS server, chances are you will be using a DNS server that is run by your ISP.
Are there any downsides to classic DNS today?
Classic DNS has a major privacy flaw—any kind of URL request you make over the public Internet can theoretically be intercepted and read by anyone, even your ISP. This is called sending “plain text”—data that is not encrypted before it is sent.
What are DoH and DoT?
DoH and DoT are encrypted forms of classic DNS. Instead of sending data unencrypted, these newer methods encrypt the data before it is sent using advanced cryptographic protocols.
- DoH encrypts DNS data using the HTTPS protocol.
- DoT encrypts DNS data using the TLS protocol.
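How the same lookup is packaged for classic DNS, DoT and DoH, as an added example that is not part of the original article or Safe Surfer's own code. The hostname `www.example.com` is a constructed sample and the `/dns-query` path is an assumption; real DoH servers publish their own URI.

```python
import base64
import struct

def build_query(hostname: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Build a DNS query in RFC 1035 wire format (QTYPE 1 = A record)."""
    # Header: ID, flags (recursion desired), 1 question, no other records.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in hostname.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN

def classic_payload(query: bytes) -> bytes:
    """Classic DNS: the message itself is the UDP payload to port 53, unencrypted."""
    return query

def dot_frame(query: bytes) -> bytes:
    """DoT (RFC 7858): 2-byte length prefix + message, written into a TLS session on port 853."""
    return struct.pack("!H", len(query)) + query

def doh_get_path(query: bytes, path: str = "/dns-query") -> str:
    """DoH (RFC 8484) GET: message is base64url-encoded without padding and sent inside HTTPS."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{path}?dns={encoded}"

def visible_labels(payload: bytes) -> list:
    """What anyone on the network path can read from an unencrypted query: the hostname."""
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while payload[pos] != 0:
        length = payload[pos]
        labels.append(payload[pos + 1 : pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return labels

if __name__ == "__main__":
    q = build_query("www.example.com")  # constructed sample hostname
    print("classic DNS bytes on the wire:", classic_payload(q))
    print("observer reads:", ".".join(visible_labels(classic_payload(q))))
    print("DoT frame (then encrypted by TLS):", dot_frame(q).hex())
    print("DoH request path (then encrypted by HTTPS):", doh_get_path(q))
```

With DoT and DoH the same bytes are only ever sent inside the encrypted session, so an observer on the network path sees a connection to the resolver but not the hostname being looked up.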
Both of these methods are very similar, but they have differences from a technical viewpoint. From a consumer perspective, they both provide an extremely high level of privacy when it comes to encrypting search data. DoT takes advantage of newer technologies, so if you are given a choice and it is supported by your device, it is the better option of the two available.
Many operating systems and web browsers now either fully support or are in testing phases for DoH and/or DoT support. This includes, but is not limited to:
Operating systems:
- Android 9 and higher
- iOS 14 and higher; iPadOS 14 and higher
- Windows 10 version 21H1 and higher (to be released early 2021)
- macOS 11 Big Sur and higher (to be released late 2020)
As of publishing this article, Chrome OS currently does not support DNS encryption.
NOTE: If you have configured your operating system to use DoH or DoT, you do not need to additionally configure your web browser to use your DNS encryption method of choice.
Web browsers:
- Any Chromium-based browser (e.g. Google Chrome, Microsoft Edge, Opera)
- Mozilla Firefox
How are DoH and DoT useful to me?
The DoH and DoT protocols encrypt your Internet URL/IPv4 request data. This increases privacy for consumers.
How is Safe Surfer going to use these new technologies?
A major part of the Safe Surfer service relies upon DNS technology (because DNS acts as a “phonebook”, we can allow or block specific websites). As classic DNS is progressively phased out for most consumers, we will be providing DoH and DoT options for our customers. Our iOS app now supports both DoH and DoT, and we also provide DoH and DoT URI links for operating systems and web browsers to use.