Earlier this month, Mozilla announced that Firefox will begin enabling “DNS over HTTPS” (DoH) by default for USA-based users. Not intending to be left behind in the pursuit of safer browsing, Google has announced that it, too, will begin experimenting with the feature; Chrome 78 will validate Google’s implementation of DNS over HTTPS.
What DNS over HTTPS (DoH) does
Google notes that “the idea is to bring the key security and privacy benefits of HTTPS to DNS, which is how your browser is able to determine which server is hosting a given website.” DNS queries are normally sent via plaintext, which makes it possible for other users to see what websites you’re visiting if you’re on an unsecured Wi-Fi network—and also makes you vulnerable to potential attacks like spoofing.
DoH leverages the more secure protocol HTTPS to prevent these kinds of monitoring and attacks from occurring, increasing both security and privacy for users.
Which browsers will support DoH
For now, the only major browsers scheduled to support DoH are Mozilla Firefox and Chrome 78 or higher (although, notably, Chrome for iOS as well as Chrome for Linux will not be supporting this feature).
It remains to be seen if Apple’s Safari will follow suit, but given that Apple touts user security and privacy as major benefits of its platforms, it may only be a matter of time before the feature could come to Safari for Mac, iPad, and iPhone.
What you will notice when DoH is enabled
Ideally, when DoH is enabled, you won’t notice a thing. Both Firefox and Chrome have implemented extensive fallback mechanisms for situations where DoH might fall over, such as a DNS provider that doesn’t support DoH, ISPs that provide parental controls, or strictly managed enterprise networks.
The bottom line for both browsers is that if DoH won’t operate as intended, the browser will simply fall back to the standard method of DNS lookup if necessary.
How to benefit from DoH on iOS
Although the Mac versions of Firefox and Chrome are slated to have DNS over HTTPS added soon, this enhancement doesn't seem to be coming soon to the iOS versions of the browsers.
However, there's another way to get DoH working on your iPhone, iPad, or iPod touch; the app for Cloudflare's DNS service "220.127.116.11" includes a feature to send all DNS lookups over your choice of two secure protocols: DNS over HTTPS or DNS over TLS. Of course, the app only works with Cloudflare's DNS service; you can't use it with any other DNS servers. You can get the 18.104.22.168 app on the iOS App Store.
More information about the upcoming addition of DoH to Chrome and Firefox, including how to enable DoH in Chrome 78, is available at The Hacker News.
To learn more about how DNS works and why it's important to secure it, check out Intego's article about Cloudflare's 22.214.171.124 DNS service.
Every week, Intego's experts discuss Apple security on the Intego Mac Podcast, so be sure to subscribe to make sure you don't miss the latest episode. You'll also want to subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for updates.