DNS over HTTPS (DoH) is a protocol developed for encrypting plaintext Domain Name System (DNS) traffic to prevent malicious parties, advertisers, ISPs and others from being able to interpret sensitive data. Using the HTTPS protocol to encrypt data between the DoH client and the DoH-based DNS resolver increases user privacy and security and prevents man-in-the-middle attacks. It was introduced as a standard in October 2018 by the Internet Engineering Task Force (IETF).
DNS is essentially a fundamental address book: it helps computer networks attach information to each web domain. DoH encrypts DNS queries, which are disguised as normal HTTPS traffic. Once the query is sent to the resolver, it is resolved inside a DoH request and the reply is returned to the user, also encrypted.
In addition to increased security, using DNS over HTTPS improves performance. Testing of ISP DNS resolvers shows that response times are often slow, due in part to the need to resolve many hostnames when loading a single web page.
DoH ensures that malicious parties cannot forge or alter DNS traffic. DoH traffic looks like other HTTPS traffic to a network administrator, meaning it appears as normal, user-driven interactions with websites and apps.
There are multiple usage scenarios for DoH: