DNS over HTTPS in 2 Minutes
In this video we will learn about DNS over HTTPS, or DoH for short, and its future replacement, Oblivious DoH.
In order to explain DoH, we need to talk about what DNS does.
DNS maps a domain name to an IP address so that packets can be routed across the different networks that make up the Internet.
This is done by sending a UDP packet to the DNS resolver on port 53.
However, the UDP packet is unencrypted, so any device en route, such as the ISP's equipment, can see this query and know which websites the client is visiting.
DNS over HTTPS establishes a secure connection through TLS between the client and the resolver.
So the DNS query is sent encrypted with the symmetric key agreed on by both the server and the client.
This stops anyone in the middle from sniffing the content of the DNS queries.
Except that the DoH server knows the DNS query, because it has to decrypt the packet, and it also knows the client IP address.
So bad or misbehaving DoH servers may decide to log this data and sell it to the highest bidder.
That is why Apple, Fastly and Cloudflare came up with a new technology called Oblivious DNS over HTTPS, or ODoH.
ODoH adds a proxy layer in the middle so the resolver doesn't know the original client IP address, and the entire communication is encrypted end-to-end so even the proxy doesn't see the content of the DNS query. Learn more about ODoH in my video in the info cards.
Thank you so much for watching! Make sure to subscribe and check out the other content on the channel. I discuss all sorts of software engineering topics, news and tutorials, and my content ranges from short videos like this one to lengthy, deep-dive, free-form lecture-style videos. See you in the next one, stay awesome!
Stay Awesome,
Hussein
by Hussein Nasser