What Is DNS over HTTPS (DoH)?
Traditionally, DNS lookups travel in the clear — anyone on the path can see which sites you're resolving. DNS over HTTPS closes that gap.
The privacy gap in classic DNS
Even on an HTTPS-secured web, one step often leaked information: the DNS lookup. When your device asked "what's the IP for example.com?", that question traditionally traveled unencrypted, so your ISP or anyone on the network could see every domain you looked up — even if they couldn't see the pages themselves.
How DoH fixes it
DNS over HTTPS (DoH) sends your DNS queries inside an encrypted HTTPS connection to a DNS resolver. To an observer, the lookups look like ordinary web traffic and their contents are hidden. A related standard, DNS over TLS (DoT), achieves the same encryption over a dedicated port.
The benefits
- Privacy: your ISP and network snoops can no longer see which domains you resolve.
- Integrity: encrypted lookups are much harder to tamper with or redirect.
- Bypassing basic manipulation: DoH can sidestep crude DNS-based blocking or interception.
The trade-offs and debates
DoH isn't universally loved. Because it can route lookups to a third-party resolver, it shifts trust from your ISP to whoever runs that resolver — so their privacy practices matter. It can also complicate network setups that rely on seeing DNS, such as parental controls or corporate filtering. As with VPNs, encryption moves the question of trust rather than eliminating it.
Using it
Most modern browsers and operating systems support DoH and may enable it by default, often letting you choose the resolver. Combined with HTTPS everywhere, it closes one of the last common leaks in everyday browsing — a meaningful step for anyone who cares that their choice of websites stays their own business.