Understanding DNS: The Phone Book of the Internet
Every time you type a web address into your browser, your device needs to translate that human-readable domain (like example.com) into a numeric IP address that servers understand. This translation is handled by the Domain Name System (DNS).
By default, these DNS queries are sent in plain text — completely unencrypted. This means your Internet Service Provider (ISP), your network administrator, or anyone monitoring your connection can see every domain you try to visit, even if the actual page content is protected by HTTPS.
What Is DNS over HTTPS?
DNS over HTTPS (DoH) is a protocol that encrypts DNS queries by sending them through the same HTTPS channel used for regular web traffic. The result: your DNS lookups are no longer visible in plain text to your ISP or any network-level observer.
DoH was standardized in RFC 8484 and is now supported natively in major browsers including Firefox, Chrome, Edge, and Brave, as well as in Windows 11 and newer versions of Android.
DoH vs. Traditional DNS: What Changes?
| Feature | Traditional DNS | DNS over HTTPS |
|---|---|---|
| Encryption | ❌ None | ✅ Full HTTPS encryption |
| ISP visibility | ✅ ISP can see all queries | ❌ Queries are hidden |
| Tampering resistance | Low | High |
| Speed | Fast | Comparable (minor overhead) |
| Censorship bypass | Limited | Helps in some cases |
Does DoH Make You Fully Anonymous?
No — and it's important to understand the limits. DoH hides your DNS queries from your ISP, but the DoH provider (e.g., Cloudflare, Google, or NextDNS) can still see them. You're shifting trust from your ISP to your DoH resolver. Choose a provider with a clear, audited privacy policy and no-logging commitment.
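Additionally, your IP address is still visible to the websites you visit, and a network observer can still see which IP addresses you connect to and, in most TLS handshakes, the unencrypted server name (SNI). For full anonymity, DoH should be combined with a VPN.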
How to Enable DoH in Your Browser
Firefox
- Go to Settings → General → Network Settings → Settings.
- Check "Enable DNS over HTTPS".
- Choose a provider (Cloudflare or NextDNS are common options).
Chrome / Edge / Brave
- Go to Settings → Privacy and Security → Security.
- Under "Use secure DNS", select "With" and choose a provider.
Choosing a DoH Provider
- Cloudflare (1.1.1.1): Fast, well-maintained, strong privacy policy with independent audits.
- NextDNS: Highly configurable; lets you block ads, trackers, and malicious domains at the DNS level.
- Quad9 (9.9.9.9): Blocks known malicious domains; operated by a non-profit.
- Google (8.8.8.8): Fast and reliable, but Google's business model is built on data — consider this when choosing.
Key Takeaways
- DoH encrypts the DNS layer of your browsing, so your ISP can no longer read your DNS queries in plain text.
- It's easy to enable in all modern browsers in just a few clicks.
- It doesn't replace a VPN, but it's a valuable layer of privacy on top of your existing setup.
- Choose your DoH provider carefully — you're trusting them with your query data.