DNS-over-HTTPS is a relatively new technology that aims to keep your browsing private. There are some good things and some bad things about it, and whether or not you should use it depends on your personal preference.

But before we dive into the complexities of the technology, we first have to establish: what is DNS-over-HTTPS, and how can it help (or hinder) you in the long run? Let's find out.

What Is DNS-Over-HTTPS?

As you can see by the name, DNS-over-HTTPS is a combination of two existing technologies. The first is the Domain Name System (DNS) and the second is the Hypertext Transfer Protocol Secure (HTTPS).

What Is DNS?

First up is the DNS side of DNS-over-HTTPS. DNS comes into play when you enter a URL into your browser's address bar. For example, you may very well know what "www.makeuseof.com" means and where it goes to, but to a computer, these letters and words mean nothing. That's because URLs were designed to make it easier for humans to remember where a website is.

Instead, a computer much prefers an IP address. And the role of the DNS server is to convert the URL into an IP address so that your computer knows where to send its data.

However, when your computer sends the request to resolve a URL to the DNS server, it's done so over regular HTTP. This means it's not encrypted whatsoever, allowing third-party agents such as hackers and your ISP to see the websites you're visiting. And if there's a particularly bad egg on your network, they can manipulate the data to send your PC to bad websites.

What Is HTTPS?

Next up is HTTPS. HTTPS is a big security improvement over HTTP because it encrypts any traffic sent through it. This means that people looking in from the outside can't see the data you're sending or mess with it.

When DNS and HTTPS Combine

As you might expect, DNS-over-HTTPS is when your computer sends its DNS request over HTTPS rather than HTTP. This means that nobody spying from the outside can see what websites you're visiting.

That said, the communication isn't totally secure: the DNS server needs to decode the request to see what it's asking. At that stage, the DNS server provider can log who's asking to go to which websites. However, everyone that isn't you or your DNS service provider will be unable to peek into your browsing habits.
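To make the last two paragraphs concrete, here is an added example (not code from the original article) that builds the DNS question for www.makeuseof.com, wraps it in a DNS-over-HTTPS GET request as RFC 8484 describes, and then decodes it the way the resolver does. The endpoint doh.example is a placeholder, and the function names are chosen for this illustration.

```python
import base64
import struct

DOH_ENDPOINT = "https://doh.example/dns-query"  # placeholder resolver URL (assumption)

def build_query(hostname: str, qtype: int = 1) -> bytes:
    """Build a DNS query in wire format (the payload classic DNS and DoH share)."""
    # Header: ID=0 (RFC 8484 recommends 0 for DoH), flags=0x0100 (recursion desired),
    # 1 question, 0 answer/authority/additional records.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in hostname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label: {label!r}")
        qname += bytes([len(raw)]) + raw  # length-prefixed label, readable as-is
    qname += b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # qtype 1 = A, class 1 = IN

def doh_get_url(query: bytes, endpoint: str = DOH_ENDPOINT) -> str:
    """Encode the query as an RFC 8484 GET URL: base64url without padding."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"

def resolver_view(url: str) -> str:
    """Decode the URL the way the DoH server does and return the queried name."""
    encoded = url.split("?dns=", 1)[1]
    query = base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while query[pos] != 0:
        length = query[pos]
        labels.append(query[pos + 1 : pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

if __name__ == "__main__":
    q = build_query("www.makeuseof.com")
    print("unencrypted DNS payload:", q)           # hostname is readable in the bytes
    print("DoH request (travels inside TLS):", doh_get_url(q))
    print("what the resolver decodes:", resolver_view(doh_get_url(q)))
```

The first line of output shows the site name sitting in the clear inside an unencrypted DNS message, while the last shows that the DoH resolver still recovers it in full, which is why the choice of provider matters.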

How Is DNS-Over-HTTPS Implemented?

DNS-over-HTTPS sounds great on paper, but implementing it is a little tricky. One of its main draws is that it keeps your browsing habits a secret from your ISP. However, your ISP handles your DNS requests by default.

As such, if you use DNS-over-HTTPS with your ISP's DNS server, it doesn't hide your traffic from them. That's because the DNS server needs to decrypt the DNS request to see its contents, at which point the server can log the request and who made it. And if that server is owned by your ISP, you're handing them your data on a silver platter.

The solution? Take the DNS requests out of the hands of the ISP and move them to a third party. And in this case, that third party is related to the company that owns the browser you're using.

Both Google and Mozilla have implemented DNS-over-HTTPS into their Chrome and Firefox browsers, respectively. And to get over the issue of removing the role of the DNS server from the ISP, they've both decided to allow users to choose their own.

Google already has its own public DNS servers, so you can tell Chrome to connect to those. However, Chrome also has preset options for OpenDNS, CleanBrowsing, and Cloudflare at the time of writing, so you have a bit of choice. And you can even choose to use your ISP's DNS server if it supports HTTPS, in case you're not too concerned about hiding your activity from your service provider.

Firefox, too, uses trusted DNS-over-HTTPS providers to handle its users' requests. This includes Cloudflare and NextDNS, but you can also set up your own.

Whichever way you pick, enabling DNS-over-HTTPS is as easy as flicking a switch in your browser. And you can read all about how to do that in our guide to how to enable DNS-over-HTTPS in your browser.

The Advantages of DNS-Over-HTTPS

The most clear-cut advantage of DNS-over-HTTPS is the amount of security it provides you. Only you and your DNS server see where you're going, and it's a handy way to avoid DNS-based attacks.

On top of that, if you choose to use a DNS server that isn't owned by your ISP, you can avoid your service provider peeking into your traffic. Your ISP may get an IP address and a rough idea of where you're going, but it's a lot trickier to trace than URLs. Combine this with an HTTPS connection to your favorite websites, and you give away very little to your ISP.

The only technology that does the job better is a VPN, which creates a tunnel that an ISP can't look into. However, in terms of the effort needed to set it up, DNS-over-HTTPS only requires you to use an enabled browser and to flick a switch in its settings to turn the feature on.

The Disadvantages of DNS-Over-HTTPS

DNS-over-HTTPS isn't perfect, however. For example, some website blocking software will struggle with DNS-over-HTTPS if it depends on looking at the URL you're visiting. This means that schools and parents will have more of an issue stopping kids from accessing dangerous and harmful content.

Also, because the DNS request has to go over HTTPS, it may take a little longer for your packet to go across the internet than if it used HTTP. However, there's a good chance you'll see no notable delay while using it.

Getting Over DNS' Security Flaws With DNS-Over-HTTPS

While DNS-over-HTTPS may sound complex, it's actually quite simple by design. So now you know the technologies behind DNS-over-HTTPS, the sum of its parts, and why it's essential to have it around. And if you're really into privacy, getting familiar with HTTPS will really help you in the long run.