🦆 IP Ducky

What Is DNS over HTTPS (DoH)?

Traditionally, DNS lookups travel in the clear — anyone on the path can see which sites you're resolving. DNS over HTTPS closes that gap.

The privacy gap in classic DNS

Even on an HTTPS-secured web, one step often leaked information: the DNS lookup. When your device asked "what's the IP for example.com?", that question traditionally traveled unencrypted, so your ISP or anyone on the network could see every domain you looked up — even if they couldn't see the pages themselves.

How DoH fixes it

DNS over HTTPS (DoH) sends your DNS queries inside an encrypted HTTPS connection to a DNS resolver. To an observer, the lookups look like ordinary web traffic and their contents are hidden. A related standard, DNS over TLS (DoT), achieves the same encryption over a dedicated port.

The benefits

The trade-offs and debates

DoH isn't universally loved. Because it can route lookups to a third-party resolver, it shifts trust from your ISP to whoever runs that resolver — so their privacy practices matter. It can also complicate network setups that rely on seeing DNS, such as parental controls or corporate filtering. As with VPNs, encryption moves the question of trust rather than eliminating it.

Using it

Most modern browsers and operating systems support DoH and may enable it by default, often letting you choose the resolver. Combined with HTTPS everywhere, it closes one of the last common leaks in everyday browsing — a meaningful step for anyone who cares that their choice of websites stays their own business.
