What DNS over HTTPS is
DNS over HTTPS (DoH) is a way of performing DNS lookups inside an encrypted HTTPS session. Traditional DNS sends queries in plain text, so anyone on the network path can see which domains you request and could even alter the answers. DoH wraps those queries in the same encryption that protects normal web traffic.
How it works
Instead of sending a query to a DNS server over the usual unencrypted channel, the client sends it as an HTTPS request to a DoH resolver:
- The query and its answer travel encrypted, blending in with other web traffic.
- Observers on the local network cannot read the domain names being resolved.
- The answer is harder to forge, because it arrives over an authenticated connection.
Many browsers and operating systems now offer DoH as a built-in option.
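The request described above, sketched as an added example that is not part of the original page. It follows the RFC 8484 encoding: a GET request carrying the DNS message as an unpadded base64url `dns` parameter, with the `application/dns-message` media type. The resolver URL `https://doh.example/dns-query`, the function names and the sample response are assumptions constructed for illustration.

```python
import base64, ipaddress, struct

DOH_URL = "https://doh.example/dns-query"  # hypothetical resolver endpoint (assumption)
MEDIA_TYPE = "application/dns-message"     # Content-Type of POST bodies and of responses

def build_query(name, qtype=1):
    """DNS wire-format question; ID 0 as RFC 8484 advises for HTTP cache hits."""
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)  # RD flag set, one question
    labels = name.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # type (1 = A), class IN

def doh_get_url(query, base=DOH_URL):
    """GET form: the message goes in ?dns= as unpadded base64url."""
    return base + "?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode()

def _skip_name(msg, off):
    """Step over an encoded name, honouring compression pointers."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n

def parse_a_records(msg):
    """Return IPv4 addresses from the answer section of a response body."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    if flags & 0x000F:
        raise ValueError(f"resolver returned RCODE {flags & 0x000F}")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return addrs

def sample_response(query):
    """Constructed reply (not captured traffic): one A record, 192.0.2.1."""
    rr = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return struct.pack("!6H", 0, 0x8180, 1, 1, 0, 0) + query[12:] + rr
```

On the wire, an observer sees only a TLS connection to the resolver's host; the `dns` parameter and the response body sit inside the encrypted HTTP exchange.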
Why it matters
DoH improves privacy by hiding browsing-related lookups from internet providers and network snoopers, and it improves integrity by resisting tampering and certain spoofing attacks. The trade-offs are real: it can complicate corporate filtering, parental controls, and local network policies that rely on inspecting plain DNS. It also shifts trust to whichever DoH resolver you choose. A related approach, DNS over TLS, encrypts queries on a dedicated channel instead. You can still inspect public DNS answers for a domain using the WhatIP dns-lookup tool.