Whenever you visit a website, even if you are using a site with SSL, the DNS query that converts the web address into an IP address will be sent unencrypted.

DNS over HTTPS (DoH) encrypts the request so that it can’t be intercepted to snoop on users, or hijacked to swap the real address for that of a malicious site.

Enable DNS over HTTPS

The process works by using third-party resolvers to look up the addresses. Companies such as Cloudflare and NextDNS are part of the set-up in Firefox and process the DoH queries. From the end of February 2020 Firefox will enable DoH by default for users in the United States.

In the UK, GCHQ has issued a warning about the plans for DoH by default for new encrypted browsers, saying it could increase the risk of cyber-attacks and impede police investigations.

DoH, when enabled, ensures that your internet service providers cannot collect and sell personal information related to your browsing behavior. However, only certain parts of the DNS lookup process are encrypted, and ISPs will still be able to see which IP addresses their users are connecting to.

Enabling DNS over HTTPS

Unless you live in the United States and are using Firefox, DoH will not be turned on by default. However, it is currently available as an option in most popular browsers.

Mozilla Firefox

  • Go to Settings (about:preferences) and scroll down to Networking
  • Check the Enable DNS over HTTPS option
  • Select either of the DNS servers, or enter your own.

Microsoft Edge *

Opera

Brave *

Vivaldi *

Google Chrome *

* DNS Servers

Edge, Brave, Vivaldi and Google Chrome require an additional step before DoH is enabled.

Currently, even with DoH enabled, these browsers will only send encrypted HTTP requests if the DNS server is able to process them. If not, they will continue to send requests unencrypted.