Service

Discussion Paper: DNS over HTTPS (DoH)

by eco - Verband der Internetwirtschaft e.V.

Logo of eco - Verband der Internetwirtschaft e.V

Key Facts

  • How DoH interacts with existing network environments
  • User Level: User Choice and Awareness
  • DNS Resolver Operator Perspective and Operational Choices

Categories

  • Internet providers
  • Publications

Key Facts

  • How DoH interacts with existing network environments
  • User Level: User Choice and Awareness
  • DNS Resolver Operator Perspective and Operational Choices

Categories

  • Internet providers
  • Publications
Show More

PRODUCT DESCRIPTION

Throughout the history of the Internet, traditional Domain Name System (DNS) traffic – for example, when a user types a website name into a browser – has largely been unencrypted. The DNS over HTTPS (DoH) protocol, which first emerged in 2018, and is a new approach to change that by making use of the well-known secure HTTPS web protocol.

Several large-scale Internet companies, including Apple, Mozilla, Microsoft, and Google, are in the process of planning or implementing DoH into their services and applications. While the encryption of DNS has the advantage of improving user privacy and security, a discussion has emerged around the DoH protocol on a range of issues which need to be addressed in the implementation and deployment of services.

To clarify some of the complexities – both legal and technical – and to provide recommendations for implementation and deployment of DoH, members of the eco Association have collaborated on producing a Discussion Paper on DNS over HTTPS (DoH). The paper provides background information and explanations for non-technical readers, and a clear set of recommendations for best practice in line with privacy-enhancing techniques and informed user consent.
This paper has been developed out of the collaboration of members of the eco Association who are all stakeholders in the ecosystem of DNS provision. The initial intention of the paper was to provide a combined position on the DNS over HTTPS (DoH) protocol and its various implementations. However, finding general consensus on all areas of discussion proved to be overly ambitious. As a result, contributors have agreed to disagree on some topics, and participation in the development of this paper should not be construed as endorsement of all sections and recommendations.
Where the participants are all in agreement is that the encryption of DNS services should be encouraged on a broad scale, in order to increase the security and privacy of Inter

Show More