Traditionally, DNS queries and responses are sent over the internet without encryption. This can easily lead to tracking and spoofing vulnerabilities that put users' data at risk.
There are many servers between your computer and the DNS server. Information travels through
What's worse than tracking is spoofing. If any of these servers acts as a malicious man in the middle, it can hand you a wrong address for a site, sending you to an impostor that could steal your credentials instead.
So, what’s the solution?
For starters, make sure you are using a good, reliable DNS server as your resolver, for example Google's Public DNS or Cloudflare's extremely fast and privacy-minded 1.1.1.1.
But that would not solve the problem of being tracked and potentially spoofed. You need to encrypt the data before
However, no browser supports this new protocol (DNS over HTTPS, or DoH) just yet, but support is coming. For example, Mozilla has started experimenting with the feature in its Firefox browser.
Manually configure DoH on Firefox
- Type about:config in the address bar in Firefox and press Enter.
- Type “network.trr” in the search box to narrow down the items.
- Change network.trr.mode to 2, and enter the DoH URL into network.trr.uri.
There are two DoH-compliant endpoints available to use right now.
- Google Public DNS: https://dns.google.com/resolve?
- Cloudflare: https://mozilla.cloudflare-dns.com/dns-query
Photo credits to Mozilla