Oblivious DNS-over-HTTPS
2020-12-08 21:02

This new protocol, called Oblivious DNS-over-HTTPS, hides the websites you visit from your ISP. Here's how it works: ODoH wraps a layer of encryption around the DNS query and passes it through a proxy server, which acts as a go-between for the internet user and the website they want to visit.

Because the DNS query is encrypted, the proxy can't see what's inside, but acts as a shield to prevent the DNS resolver from seeing who sent the query to begin with.

Recent efforts to secure DNS using DNS over TLS and DNS over HTTPS have been gaining traction, ostensibly protecting traffic and hiding content from onlookers.

One of the criticisms of DoT and DoH is brought to bear by the small number of large-scale deployments: DNS resolvers can associate query contents with client identities in the form of IP addresses.

Oblivious DNS over HTTPS safeguards against this problem.
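The split of knowledge described above, as an added example that is not part of the original article: the client seals a query to the target resolver's public key, the proxy forwards it, and each party records what it could observe. X25519, HKDF and AES-128-GCM from Node's `crypto` module stand in here for the HPKE encryption the ODoH specification uses; the function names, the query and the documentation-range IP addresses are constructed, and only the query direction is modelled.

```javascript
// Added illustration: X25519 + HKDF + AES-128-GCM stand in for ODoH's HPKE.
// All names, the query and the IP addresses are constructed for this example.
const crypto = require('node:crypto');

// Derive a one-time AES key from an X25519 shared secret.
function deriveKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'odoh-demo', 16));
}

// Client: encrypt the query so that only the target resolver can read it.
function sealQuery(targetPublicKey, query) {
  const eph = crypto.generateKeyPairSync('x25519');
  const key = deriveKey(eph.privateKey, targetPublicKey);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-128-gcm', key, iv);
  const ct = Buffer.concat([c.update(query, 'utf8'), c.final()]);
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  return { ephPub, iv, ct, tag: c.getAuthTag() };
}

// Proxy: knows the client address, forwards the opaque blob under its own address.
function proxyForward(clientIp, sealed, proxyIp) {
  const proxySaw = { clientIp, payload: sealed.ct.toString('hex') };
  return { proxySaw, toTarget: { sourceIp: proxyIp, sealed } };
}

// Target resolver: recovers the query but sees only the proxy as the sender.
function targetOpen(targetPrivateKey, msg) {
  const { ephPub, iv, ct, tag } = msg.sealed;
  const pub = crypto.createPublicKey({ key: ephPub, type: 'spki', format: 'der' });
  const d = crypto.createDecipheriv('aes-128-gcm', deriveKey(targetPrivateKey, pub), iv);
  d.setAuthTag(tag); // a blob modified in transit fails authentication in final()
  const query = Buffer.concat([d.update(ct), d.final()]).toString('utf8');
  return { sourceIp: msg.sourceIp, query };
}

// One round trip: returns what the proxy and the target each observed.
function demo() {
  const target = crypto.generateKeyPairSync('x25519');
  const sealed = sealQuery(target.publicKey, 'example.com A');
  const { proxySaw, toTarget } = proxyForward('198.51.100.7', sealed, '203.0.113.10');
  return { proxySaw, targetSaw: targetOpen(target.privateKey, toTarget) };
}
```

The proxy's record holds the client address and ciphertext only, while the target's record holds the plaintext query and the proxy's address.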


News URL

https://www.schneier.com/blog/archives/2020/12/oblivious-dns-over-https.html