Companies like Microsoft, Google and Mozilla promote DNS via HTTPS (DoH). This technology will encrypt DNS searches, improving internet privacy and security. But it is controversial: Comcast is pushing against it.
Here's what you need to know.
What is DNS Over HTTPS?
The web promotes encryption of all by default. At this point, most of the sites you access are likely to use HTTPS encryption. Modern web browsers like Chrome now mark any website that uses standard HTTP as "unsafe". HTTP / 3, the new version of the HTTP protocol, has encryption.
This encryption ensures that no one can break into a website while viewing or monitoring what you do online. For example, if you log on to Wikipedia.org, your network administrator - whether it is a business Wi-Fi hotspot or your ISP - can only see that you are logged in to wikipedia.org. They can not see which article you are reading and can not edit a Wikipedia article during the transfer.
But in promoting encryption, DNS is lagging behind. The domain name system makes it possible to connect to websites through their domain names and not by using numeric IP addresses. Enter a domain name such as iguru.gr and your system will contact the configured DNS server to obtain the IP address associated with iguru.gr. It will then connect to this IP address.
So far, these DNS searches have not been encrypted. When you link to a website, your system turns off a request saying that you are looking for the IP address associated with a domain. All intermediaries - possibly your internet service provider, but perhaps just a public Wi-Fi hotspot access point - could record which domains you are connecting to.
Today, most people use DNS servers provided by their ISP. However, there are many third-party DNS servers such as Cloudflare 126.96.36.199 The Google Public DNS and OpenDNS . These third-party providers were among the first to enable server support for DNS over HTTPS. To use DNS over HTTPS, you will need a DNS server and a client (such as a web browser or operating system) that supports it.
Who will support it?
Google and Mozilla are already testing DNS over HTTPS in Google Chrome and Mozilla Firefox. On November 17, 2019, Microsoft announced that it would adopt DNS over HTTPS in Windows networking. This will ensure that every Windows application has the benefits of DNS over HTTPS.
You can also go to chrome: // flags / # dns-over-https to enable it.
In the current fixed version of Firefox today, you can go to Menu> Options> General, scroll down and click on "Settings" in the Network Settings area to find this option. Enable "Enable DNS via HTTPS."
Apple has not mentioned anything about DNS over HTTPS, but we expected it to follow the rest.
Why is Comcast Lobbying against it?
It sounds very controversial and it is. Comcast is obviously pushing to stop Google from deploying DNS over HTTPS because something will be lost.
In a Motherboard post, Comcast claims that Google is pursuing "unilateral plans" ("together with Mozilla") to enable DoH and "[collect] the majority of global DNS data in Google," which would mean "A fundamental change in the decentralized nature of Internet architecture. ”
Many of them are wrong. Mozilla's Marshell Erwin told Motherboard that "the allegations as a whole are extremely misleading and inaccurate." In a post on the company's blog, Chrome product manager Kenji Beaheux points out that Google Chrome will not force anyone to change their DNS provider. Chrome will work with your current system DNS provider, and if it does not support DNS over HTTPS, Chrome will not use DNS over HTTPS.
Since then, Microsoft has announced plans to support DoH at the Windows operating system level. So with Microsoft, Google and Mozilla embracing the new technology, it is not a "unilateral" plan by Google.
Some people think that Comcast does not like DoH because it can no longer collect DNS search data. However, Comcast said it was not spying on DNS searches. The company insists it supports encrypted DNS but wants a "collaborative solution across the technology community" rather than "unilateral action".
How will DNS Over HTTPS work?
With Comcast's weird objections, let's take a look at how DNS works via HTTPS. When DoH support is enabled in Chrome, Chrome will only use DNS over HTTPS if supported by the system's current DNS server.
In other words, if you have a provider like Comcast and refuses to support DoH, Chrome will work as it does today without encrypting DNS searches. If you have selected another DNS server (Cloudflare DNS, Google Public DNS, or OpenDNS), Chrome will use encryption to "speak" to your current DNS server, automatically logged in.