If you were to draw up a list of the worst game servers, Ubisoft's would not be at the top, but the Nintendo Switch's maddening networking service would certainly have to be on it. Although Nintendo has set up a CDN server in Hong Kong to speed things up, update installation has not become noticeably faster. At this point most people choose to change their DNS settings to improve Switch (NS) download speeds.

DNS (Domain Name System) is a term that comes up constantly in everyday work and life. A user only has to type a human-readable web address into the browser, and within a fraction of a second the system finds the corresponding IP address. During resolution, DNS queries a series of name servers and retrieves the numeric addresses stored for the requested names. DNS has been around for decades, and while it is used everywhere, its security has received little attention.

From a security perspective, DNS requests are usually transmitted without any encryption, and a DNS exchange that anyone can read is not secure. This means that criminals can easily use their own servers to intercept a victim's DNS traffic and redirect requests to phishing sites that host malware, or flood normal sites with ads to lure users; this practice is known as DNS hijacking. To reduce this risk, industry experts are currently discussing the feasibility of HTTPS-based DNS (DoH). So what is DNS over HTTPS, and can it make the Internet more secure? Let's take a look.

Why do you need DNS over HTTPS?

In everyday web browsing, some Internet service providers (ISPs) deliberately use DNS hijacking when a user enters a URL that cannot be resolved (for example, because of a typo): instead of an error message, the ISP intercepts the failed lookup and sends the user to its own website, where its own or a third party's products are advertised. While this is not illegal and does not directly harm the user, such redirects are still annoying. The DNS protocol on its own is therefore not very reliable.

DoH (DNS over HTTPS) runs DNS over the secure HTTPS protocol; its main purpose is to improve users' security and privacy. Because the connection is encrypted with HTTPS, third parties can no longer influence or monitor the resolution process, so a fraudster cannot see the requested name or tamper with it. And because DoH runs over HTTPS, it also inherits the Transmission Control Protocol (TCP), which reacts more quickly when data is lost in transit.

DoH has not yet become a global standard on the Internet; most connections still rely on plain DNS. So far only two companies, Google and Mozilla, have ventured into this space, and Google is currently testing the feature with a subset of users. There are also applications for mobile devices that can surf the web through DoH, and Android Pie offers an option to enable HTTPS-based DNS in its network settings.

How does DNS over HTTPS work?

Normally some name resolution is done directly on the user's client, with the corresponding records kept in the browser's or router's cache. Everything that has to be sent over the network is carried over UDP, because it allows a faster exchange of information. But as everyone knows, UDP is neither secure nor reliable: with this protocol packets can be lost at any time, because there is no mechanism that guarantees delivery.

DoH relies on HTTPS, and therefore on TCP, a protocol that is used far more widely on the Internet. This both encrypts the connection and lets TCP ensure that the data arrives completely. In addition, with HTTPS-based DNS the DNS communication always takes place over port 443, the same port on which ordinary web traffic (for example, visiting a website) is transmitted. As a result, outsiders cannot distinguish DNS requests from other communications, which also gives users a higher level of privacy.
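As an added illustration (example code written for this page, not from the original article or from any DoH implementation), the script below builds the RFC 1035 wire-format query that classic DNS sends in a plaintext UDP datagram to port 53, shows the two RFC 8484 forms in which DoH carries those identical bytes inside HTTPS on port 443 (a GET with the query base64url-encoded in the `dns` parameter, and a POST whose body type is `application/dns-message`), and parses a response. It also includes the check a user in the ISP-redirect scenario from the previous section would want: a resolver that answers a name which should not exist with NOERROR and an address of its own, instead of NXDOMAIN, is rewriting failed lookups. The resolver host `doh.resolver.invalid`, all sample messages and the addresses in them are constructed for the example; nothing is sent on the network.

```python
import base64
import struct
from urllib.parse import urlencode

# Placeholder DoH resolver endpoint for the example; not a real service.
DOH_HOST = "doh.resolver.invalid"
DOH_PATH = "/dns-query"
RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3


def build_query(name, qtype=1, txn_id=0):
    """One-question DNS query in RFC 1035 wire format. Classic DNS sends exactly
    these bytes in a plaintext UDP datagram to port 53; DoH carries the same bytes
    inside TLS. RFC 8484 recommends ID 0 so identical queries are cacheable."""
    header = struct.pack("!HHHHHH", txn_id, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS IN


def doh_get_url(query):
    """RFC 8484 GET form: base64url (no padding) of the query in the 'dns' parameter."""
    token = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"https://{DOH_HOST}{DOH_PATH}?{urlencode({'dns': token})}"


def doh_post_request(query):
    """RFC 8484 POST form, written out as HTTP/1.1 so the framing is readable
    (real clients use HTTP/2). All of this travels inside TLS on TCP port 443."""
    head = (f"POST {DOH_PATH} HTTP/1.1\r\nHost: {DOH_HOST}\r\n"
            "Accept: application/dns-message\r\n"
            "Content-Type: application/dns-message\r\n"
            f"Content-Length: {len(query)}\r\n\r\n")
    return head.encode("ascii") + query


def _read_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, jumped = [], offset, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 section 4.1.4)
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        if length == 0:
            return ".".join(labels), (end if jumped else offset + 1)
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def question_name(msg):
    """What an on-path observer reads from a plaintext query: the looked-up name."""
    return _read_name(msg, 12)[0]


def parse_response(msg):
    """Return (rcode, [A-record addresses]) from a wire-format response."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):
        offset = _read_name(msg, offset)[1] + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        offset = _read_name(msg, offset)[1]
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[offset:offset + 4]))
        offset += rdlen
    return flags & 0x000F, addrs


def looks_like_nxdomain_rewrite(response):
    """For a name the caller knows does not exist: a resolver answering NOERROR with
    an address of its own, rather than RCODE 3 (NXDOMAIN), rewrites failed lookups,
    which is the ISP behaviour described earlier on this page."""
    rcode, addrs = parse_response(response)
    return rcode == RCODE_NOERROR and bool(addrs)


def _make_response(qname_wire, rcode, addr=None):
    """Construct a test response (not captured traffic) echoing the question."""
    msg = struct.pack("!HHHHHH", 0, 0x8180 | rcode, 1, 1 if addr else 0, 0, 0)
    msg += qname_wire + struct.pack("!HH", 1, 1)
    if addr:  # answer name is a pointer back to the question name at offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
        msg += bytes(int(octet) for octet in addr.split("."))
    return msg


# Constructed sample messages using documentation address ranges.
HONEST_RESPONSE = _make_response(b"\x07example\x03com\x00", RCODE_NOERROR, "192.0.2.1")
HONEST_NXDOMAIN = _make_response(b"\x04typo\x07invalid\x00", RCODE_NXDOMAIN)
HIJACKED_NXDOMAIN = _make_response(b"\x04typo\x07invalid\x00", RCODE_NOERROR, "198.51.100.99")

if __name__ == "__main__":
    q = build_query("example.com")
    print("plaintext UDP/53 observer sees:", question_name(q))
    print("DoH GET:", doh_get_url(q), "\nDoH POST:", doh_post_request(q)[:70])
    print(parse_response(HONEST_RESPONSE), looks_like_nxdomain_rewrite(HIJACKED_NXDOMAIN))
```

Running it prints the name any on-path observer could read from the plaintext UDP query, then the same 29 bytes as they would be framed for DoH: once as a `dns=` parameter on a GET and once as the body of a POST that, on the wire, is just another TLS connection to port 443.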

Advantages and disadvantages of DoH

The advantages of DoH are obvious: the technology improves security and protects user privacy. Unlike traditional DNS, DoH encrypts the exchange. It uses HTTPS, the industry's standard security protocol, to send the DNS request to the DNS server, so that throughout the transmission the carrier or any third party learns nothing but the originator and destination of the connection, not even that a DNS request was made.

DoH's encryption prevents eavesdropping on or interception of DNS queries, but it also brings some potential risks. Several Internet security measures adopted over the years require the DNS request process to be visible. Parental controls, for example, rely on carriers blocking access to certain domains for some users. Law enforcement agencies may want to use DNS data to track criminals, and many organizations protect their networks with security systems that use DNS information to block known malicious sites. The introduction of DoH could seriously affect all of these. DoH is therefore still in an adjustment period, and users need to be clear about who can see their data, who can access it, and under what circumstances.

DoH and DoT

Besides HTTPS-based DNS, there is another technology currently used to secure the domain name system: TLS-based DNS (DoT). The two protocols look similar, and both promise greater security and privacy for users. However, the two standards were developed separately, and each has its own RFC. DoT uses the security protocol TLS, adding TLS encryption on top of the User Datagram Protocol (UDP) used for DNS queries. DoT uses port 853, while DoH uses HTTPS port 443.

Because DoT has a dedicated port, anyone with visibility into the network can detect DoT traffic going back and forth, even though the requests and responses themselves are encrypted. With DoH, on the other hand, DNS queries and responses are to some extent disguised among other HTTPS traffic, because everything enters and leaves through the same port.

Which is better, DoT or DoH? That is up for debate. From a cybersecurity standpoint, though, DoT is arguably better: it lets network administrators monitor and block DNS queries, which matters for identifying and stopping malicious traffic. DoH queries, by contrast, are hidden inside regular HTTPS traffic, which means it is very difficult to block them without blocking all other HTTPS traffic as well.
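To make that visibility difference concrete, here is an added example (not from the original article) of the classification a network defender can do from connection logs alone. DoT (RFC 7858) always uses TCP port 853, so a flow to that port is identifiable as DoT even though its payload is encrypted; DoH (RFC 8484) uses TCP port 443 like every other HTTPS connection, so from ports alone a DoH flow looks like ordinary web traffic, and a port-based block takes all of HTTPS with it. The only extra signal used here is a hypothetical list of resolver addresses the administrator already knows to offer DoH. The log format, the log lines, the addresses and that list are all constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str   # "udp" or "tcp"
    dport: int


# Constructed connection records in a simple "src dst proto dport" form
# (sample data for this example, not captured traffic; documentation address ranges).
SAMPLE_LOG = """\
10.0.0.5   192.0.2.53     udp 53
10.0.0.5   192.0.2.53     tcp 853
10.0.0.5   198.51.100.10  tcp 443
10.0.0.7   203.0.113.8    tcp 443
10.0.0.7   192.0.2.53     tcp 443
10.0.0.9   203.0.113.8    tcp 22
"""

# Hypothetical list the administrator maintains of resolver addresses known to
# offer DoH; without such out-of-band knowledge, all port-443 flows look alike.
KNOWN_DOH_RESOLVERS = frozenset({"192.0.2.53"})


def parse_log(text):
    """Turn the constructed log text into Flow records, skipping blank lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, dport = line.split()
        flows.append(Flow(src, dst, proto.lower(), int(dport)))
    return flows


def classify(flow, known_doh=KNOWN_DOH_RESOLVERS):
    """Label a flow by what the network can see from ports alone, plus the optional resolver list."""
    if flow.dport == 53:
        return "dns-plaintext"   # query names readable by anyone on the path
    if flow.proto == "tcp" and flow.dport == 853:
        return "dot"             # payload encrypted, but the dedicated port gives it away
    if flow.proto == "tcp" and flow.dport == 443:
        return "doh-suspected" if flow.dst in known_doh else "https"
    return "other"


def summarize(flows):
    """Count flows per label; the DoH flow only stands out because of the resolver list."""
    return dict(Counter(classify(f) for f in flows))


def port_policy_impact(flows, block_dot=True, block_port_443=False):
    """Count what a purely port-based policy would block, split into intended
    (DoT and suspected DoH) and collateral (ordinary HTTPS) to show the asymmetry
    the text describes: blocking 853 costs nothing else, blocking 443 costs the web."""
    intended = collateral = 0
    for f in flows:
        label = classify(f)
        if block_dot and label == "dot":
            intended += 1
        elif block_port_443 and label == "doh-suspected":
            intended += 1
        elif block_port_443 and label == "https":
            collateral += 1
    return {"intended": intended, "collateral": collateral}


if __name__ == "__main__":
    flows = parse_log(SAMPLE_LOG)
    print(summarize(flows))
    print("block DoT only:", port_policy_impact(flows))
    print("block port 443 too:", port_policy_impact(flows, block_port_443=True))
```

On the sample log, blocking port 853 stops the one DoT flow with no side effects, while extending the block to port 443 stops one suspected DoH flow at the cost of two ordinary HTTPS connections; in a real network the ratio is far worse, which is exactly why DoH cannot be blocked by port. Anything finer-grained (TLS server-name inspection, known-resolver lists, or the HTTP content type visible only after decryption) requires more than port-level visibility.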
