DNS Over HTTPS: Friend or Foe? A VPN Perspective

Is DNS over HTTPS (DoH) the next big thing for online privacy, or does it carry more risks than benefits? This is an important question, especially for users who rely on Virtual Private Networks (VPNs) to keep their online activities as secure as possible. Put simply, is DNS over HTTPS the future of internet privacy?

But what is DNS over HTTPS exactly?

DNS over HTTPS (DoH) is a security and privacy protocol that layers encryption on top of DNS queries. DNS queries, which resolve domain names to IP addresses, are normally sent in plain text, so they can be intercepted and manipulated. DoH wraps DNS queries inside HTTPS, making snooping on and tampering with DNS traffic much harder for attackers.

Benefits of DoH

  1. Stronger Privacy: Encrypting DNS queries ensures that no one on the path between the user and the resolver, not even ISPs or hackers, can see the sites that a user is trying to visit. This greatly reduces the likelihood of dangers such as DNS hijacking and spoofing attacks.
  2. Protection Against Man-in-the-Middle Attacks: It also prevents MitM attacks, in which an attacker intercepts the communication between a user and a DNS resolver.
  3. Browser Integration: Leading browsers such as Google Chrome and Mozilla Firefox have begun to implement DoH. This means users can benefit from better DNS privacy without needing to modify system settings.

Cons of DoH

  1. Security Issues: One considerable issue is that although DoH improves the privacy of connections, it can in turn help malware make its traffic look like normal browser requests. Bad actors are already exploiting DoH to bypass traditional DNS-based security mechanisms, raising the bar for detection and prevention by security teams.
  2. Bypass Enterprise Controls: DoH can bypass enterprise network security controls that are based on monitoring DNS traffic. Such a bypass can result in data leakage, and it becomes harder for IT departments to enforce network policies.
  3. More Complication for ISPs and Enterprises: Deploying DoH requires changes to the infrastructure within a network. Both ISPs and enterprises would need to upgrade in order to handle this traffic, which costs time and money.
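
To make the first two points concrete, the following added example (not part of the original article) shows how DoH traffic can be recognised in the logs of a TLS-inspecting web proxy and how the queried name can be recovered from an RFC 8484 GET request. It assumes the proxy records the method, URL and request content type; the record layout, the resolver host doh.example and the domain blocked.example are constructed for illustration.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

DOH_MEDIA_TYPE = "application/dns-message"  # media type defined by RFC 8484

def encode_query(name, qtype=1):
    """Build a DNS wire-format query (ID 0, RD set), as a DoH client sends it."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def qname_from_wire(msg):
    """Return the first question name from a DNS wire-format message."""
    pos, labels = 12, []  # the question section follows the 12-byte header
    while msg[pos] != 0:
        length = msg[pos]
        if length & 0xC0:  # not a plain label (pointer or reserved type)
            raise ValueError("unexpected label type")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def inspect(record):
    """Classify one proxy log record: returns (is_doh, queried_name_or_None)."""
    params = parse_qs(urlsplit(record["url"]).query)
    if record["method"] == "GET" and "dns" in params:
        b64 = params["dns"][0]  # base64url without padding, per RFC 8484
        try:
            wire = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
            return True, qname_from_wire(wire)
        except (ValueError, IndexError, UnicodeDecodeError):
            return False, None  # a "dns" parameter that is not a DNS message
    if record["method"] == "POST" and record.get("content_type") == DOH_MEDIA_TYPE:
        return True, None  # the query is in the body, which this log lacks
    return False, None

def sample_records():
    """Constructed proxy log records (assumed layout, placeholder hosts)."""
    dns = base64.urlsafe_b64encode(encode_query("blocked.example")).rstrip(b"=").decode()
    return [
        {"method": "GET", "url": "https://doh.example/dns-query?dns=" + dns, "content_type": None},
        {"method": "POST", "url": "https://doh.example/dns-query", "content_type": DOH_MEDIA_TYPE},
        {"method": "GET", "url": "https://www.example/search?q=dns", "content_type": None},
    ]

if __name__ == "__main__":
    for rec in sample_records():
        print(rec["method"], rec["url"][:48], inspect(rec))
```

Without TLS inspection, none of these fields are visible on the wire, which is exactly the loss of visibility described above.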

VPNs vs. DoH

While VPNs and DoH share the objective of enhancing online privacy, they do so in different ways.

  • VPNs encrypt all internet traffic from the user’s device to a VPN server, including DNS queries. The scope of protection is therefore much broader: a VPN hides the user’s IP address and encrypts data in transit, making it arduous for anybody to trace the user’s online activities.
  • DoH encrypts just the DNS query. It makes DNS requests more private, but it doesn’t hide the user’s IP address or encrypt any other kind of internet traffic. That means DoH will protect you from threats such as DNS spoofing, but it won’t provide the kind of general protection that a VPN does.

Using DoH and VPNs Together

DoH can also secure DNS queries while a VPN is in use, adding another layer of security. For instance, with many VPN services fully supporting DoH, the end user can also get encrypted DNS queries while connected to his or her VPN.

This is where things could get a little dicey, though. Many VPNs are completely dependent on “old school” DNS traffic to watch for and block malicious domains. Because DoH encrypts DNS requests, these VPNs could lose that visibility and therefore fail to be as effective in blocking harmful sites.

Future of DoH and VPNs

With growing internet privacy concerns, DoH adoption is likely to grow. Browsers and operating systems are increasingly integrating DoH for robust DNS privacy. But it ushers in a new set of challenges of its own, particularly for companies that need to walk the fine line between privacy and security while meeting current industry regulatory requirements.

For now, VPNs remain one of the most important tools for total online privacy and security. Their protection is very broad, as the encryption goes beyond DNS queries and secures all internet traffic. With time, DoH may come to stand side by side with VPNs as another layer of DNS privacy.

In conclusion, though DoH is a very powerful tool for enhancing DNS privacy, it should not completely replace VPNs. It should be treated as an extra feature on top of a VPN that adds security for DNS queries. Users might consider using both VPN and DoH technologies to enhance their privacy.

The author admin