This week Mozilla started rolling out encrypted DNS over HTTPS (DoH) by default for all its US Firefox users. This new standard enhances users’ privacy and security online, but not everyone is pleased.
What is DoH?
DNS stands for Domain Name System, which is essentially the phonebook of the internet. The DNS holds records that map domain names, e.g. VPNOverview.com or Wikipedia.com, to their associated IP addresses.
When users want to visit a website, they type its domain name. Web browsers such as Firefox or Chrome, however, reach web servers by Internet Protocol (IP) address. That is where the DNS comes in: it translates the domain name entered by the user into an IP address so that the browser can connect to the server and load the requested website.
The problem is that classic DNS queries, sent between the user's device and the DNS resolver over UDP or TCP port 53, are not encrypted. Anyone on the network path (an ISP, the operator of a public Wi-Fi hotspot, or an attacker) can see which domain names a user is looking up, and an attacker in a man-in-the-middle position can tamper with the lookup: intercept the query, forge the response and send the user's browser to a malicious IP address instead of the real site.
DoH encrypts DNS data to protect users' privacy and security by preventing eavesdropping and man-in-the-middle attacks. DoH is a new standard, specified in RFC 8484, that carries the same DNS queries and responses inside an ordinary HTTPS connection (TLS on port 443) between the user's browser and a DoH-capable resolver, so that nobody on the network path can read or alter them.
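To make the difference concrete, here is an added worked example in Python (it is not code from Mozilla or from the original article). It builds the wire-format DNS query that would travel unencrypted on port 53, shows how RFC 8484 wraps that same message in an HTTPS GET or POST request, and parses a constructed resolver reply. The resolver URL https://doh.example/dns-query and the reply bytes are made up for the illustration; nothing is sent over the network.

```python
import base64
import struct
import urllib.request
from typing import Dict, List, Tuple

# Hypothetical DoH endpoint for the illustration; real resolvers publish their own URL.
DOH_RESOLVER_URL = "https://doh.example/dns-query"
TYPE_A = 1
CLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode 'example.com' as length-prefixed labels ending in a zero byte (RFC 1035)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS labels must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = TYPE_A, txid: int = 0) -> bytes:
    """Classic DNS query: 12-byte header with RD (recursion desired) set, then one question.
    These exact bytes travel in clear text on port 53. RFC 8484 recommends txid 0 for DoH
    because HTTPS already pairs each response with its request."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def doh_get_url(query: bytes, resolver_url: str = DOH_RESOLVER_URL) -> str:
    """RFC 8484 GET form: the DNS message, base64url without padding, in the 'dns' parameter."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={encoded}"


def doh_post_request(query: bytes, resolver_url: str = DOH_RESOLVER_URL) -> urllib.request.Request:
    """RFC 8484 POST form: the raw DNS message is the HTTPS body. Actually sending it
    (urllib.request.urlopen) is left to the caller so this example runs offline."""
    return urllib.request.Request(
        resolver_url,
        data=query,
        method="POST",
        headers={"Content-Type": "application/dns-message",
                 "Accept": "application/dns-message"},
    )


def decode_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Read a possibly compressed name; return (name, offset just past it in the message)."""
    labels: List[str] = []
    end = offset
    jumped = False
    jumps = 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name (RFC 1035 4.1.4)
            jumps += 1
            if jumps > 16:
                raise ValueError("compression pointer loop")
            if not jumped:
                end = offset + 2
            jumped = True
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def parse_response(msg: bytes) -> Dict:
    """Parse header, skip the echoed question(s) and return the answer records."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    offset = 12
    for _ in range(qd):
        _, offset = decode_name(msg, offset)
        offset += 4  # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        value = ".".join(str(b) for b in rdata) if rtype == TYPE_A and rdlen == 4 else rdata.hex()
        answers.append((name, rtype, ttl, value))
    return {"id": txid, "rcode": flags & 0x000F, "answers": answers}


def build_response(query: bytes, ip: str, ttl: int = 300) -> bytes:
    """Constructed resolver reply for the illustration: echoes the question and answers with
    one A record, using a pointer (0xC00C) to the question name at offset 12 as resolvers do."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA set; no error
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata)) + rdata
    return header + query[12:] + answer


if __name__ == "__main__":
    q = build_query("example.com")
    print("clear-text port 53 query:", q.hex())
    print("same message as a DoH GET:", doh_get_url(q))
    print("parsed (constructed) reply:", parse_response(build_response(q, "93.184.216.34")))
```

Run it with python3 to see the query bytes, the DoH URL and the parsed answer. The point to notice is that the bytes in `q` are identical in both cases; only the transport changes, which is also why the resolver at the far end of the HTTPS connection still sees every name being looked up.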
As well as improving security, it is hoped that DoH will also reduce the time it takes to resolve a user-requested domain name to its IP address.
Criticisms of DoH
Despite the promises of better security and more privacy for users online, DoH has faced a lot of criticism from lawmakers and security experts. They say that DoH hinders legitimate attempts to block dangerous web content, such as terrorist and child abuse related content. Such blocking is commonly done at the DNS level, by having the ISP's or the local network's resolver refuse to answer for blocked domains; a browser that sends its queries over HTTPS to a remote resolver bypasses that filtering, and the same applies to parental controls and enterprise blocklists that work the same way. Mozilla's rollout does try to detect these cases: Firefox leaves DoH off when it finds enterprise policies or parental controls configured, and a network operator can signal that it filters DNS by making the canary domain use-application-dns.net fail to resolve.
Furthermore, although DoH makes eavesdropping and tampering on the network path much harder, it does not hide queries from the resolver itself: whichever DoH provider the browser uses still sees every domain name a user looks up. DoH therefore shifts trust from the local network and the ISP to the resolver operator. To address this, Mozilla only enables providers that have agreed to its Trusted Recursive Resolver policy; at present the choice is between Cloudflare and NextDNS, and Firefox uses Cloudflare as the default.
DoH by Default Only in the US
Due to the criticism Mozilla faced when it announced that it would roll out DoH by default to all Firefox users worldwide, Mozilla has decided to enable it by default only in the US. Users of Firefox outside the US need to opt in if they wish to use the feature.
While Firefox is the first browser to start rolling out DoH by default, other browsers such as Google Chrome, Edge Chromium and Brave also support the feature. In these browsers, however, users need to opt in if they wish to use it.