Welcome to the “UC International Technology” public account. We provide high-quality technical articles on client, server, algorithm, testing, data, front-end and other topics, both original and translated.

Today, Google announced in a blog post that the Google Public DNS server officially supports DoH encryption, providing users with easy access while protecting their privacy.

Google says the web has changed a lot since it launched Google Public DNS eight years ago, and users urgently need their privacy protected. The mission of Google Public DNS is to improve the security and accuracy of DNS for all users around the world, so Google Public DNS now supports DoH encryption.

Google Public DNS now fully supports DoH and minimizes TLS overhead, including through TLS 1.3 and TCP Fast Open. Encryption does affect query speed, but after optimization the impact is very small; most users will not notice the delay it adds.

DNS encryption and DoH

Why does DNS need encryption

When DNS was designed, the Internet was basically a toy. The Internet protocols of those days paid no attention to security, and DNS was no exception. As a result, the entire DNS exchange is plaintext, with neither “confidentiality” nor “integrity”.

  • The lack of “confidentiality” means that anyone who can monitor your Internet traffic can see which domain names you look up. The immediate issue is the privacy risk.
  • The lack of “integrity” means that anyone who can modify your Internet traffic can modify your query results. The immediate problem is “DNS spoofing” (also called “DNS contamination” or “DNS cache poisoning”).

To address these weaknesses of traditional DNS, several protocols have been created to strengthen the security of the domain name system. DoH is the newest and most promising of them.

What is DoH

DoH is short for DNS over HTTPS. As the name implies, it is a domain name protocol carried inside an HTTPS tunnel, and HTTPS is itself HTTP over TLS, so DoH amounts to a protocol nested in two tunnels.

DoH ultimately relies on TLS for confidentiality and integrity. The advantage is that even someone monitoring your Internet traffic cannot tell which TLS connections carry domain name queries and which carry ordinary web traffic. In other words, DoH traffic cannot be singled out.

Also, because DoH is based on HTTP, every mainstream programming language has mature HTTP libraries, and the HTTP protocol itself is simple to use. It is therefore very easy to write a DoH client in any major language.
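As an added illustration of this point (example code, not from the article or from Google): a minimal Python DoH client showing that the DoH message is just the ordinary DNS wire-format query carried as an HTTPS POST body. It assumes Google's RFC 8484 endpoint `https://dns.google/dns-query` and the `application/dns-message` content type, neither of which the article names, and the response it parses is constructed inline rather than captured from a server.

```python
import struct
import urllib.request
DOH_URL = "https://dns.google/dns-query"  # Google's RFC 8484 endpoint; assumed, not from the article

def build_query(name: str, qtype: int = 1) -> bytes:
    """Encode a DNS query in wire format: ID 0, RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def doh_request(name: str) -> urllib.request.Request:
    # The HTTPS half of DoH: the wire-format query is simply a POST body carried over TLS.
    return urllib.request.Request(DOH_URL, data=build_query(name), method="POST",
                                  headers={"Content-Type": "application/dns-message",
                                           "Accept": "application/dns-message"})

def _read_name(msg: bytes, off: int):
    labels = []  # decode a possibly compressed domain name; returns (name, offset after it)
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # 2-byte compression pointer to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            labels.append(_read_name(msg, ptr)[0])
            return ".".join(labels), off + 2
        off += 1
        if n == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def parse_a_records(msg: bytes):
    """Return [(name, ttl, ipv4)] from a DNS response body; raise on a non-zero RCODE."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = _read_name(msg, off)
        off += 4
    records = []
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == 1 and rdlen == 4:
            records.append((name, ttl, ".".join(map(str, rdata))))
    return records

# Constructed sample response (not captured from Google): answer example.com A 192.0.2.1, TTL 300.
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0) + build_query("example.com")[12:]
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
```

To query the live server, pass `doh_request(name)` to `urllib.request.urlopen` and feed the response bytes to `parse_a_records`; the TLS verification urllib performs is what gives the lookup its integrity.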

Discussion of DoH

Browser support

  • Firefox has supported DoH since version 62; see the official Mozilla blog for details. Address: blog.nightly.mozilla.org/2018/06/01/…
  • Chrome/Chromium has supported DoH since version 66; see the issue on the Chromium bug tracker for details. Address: bugs.chromium.org/p/chromium/…

DoH is already supported in Firefox and Chrome/Chromium, but don’t rush to use it. If history is any guide, newly added features may not be stable enough, or may have undiscovered security vulnerabilities. Wait a few more versions.

Reference article: program-think.blogspot.com/2018/10/Com…
