For decades, the "phone book" of the internet, the Domain Name System (DNS), has been completely unencrypted. This means that every time you type a website address, your Internet Service Provider (ISP) knows exactly where you are going.
Enter DNS-over-HTTPS (DoH), a protocol that is changing the privacy landscape and causing headaches for data-hungry ISPs.
The Privacy Gap
You probably know that HTTPS encrypts the content of your traffic. If you visit a bank, your ISP can't see your password. However, with standard DNS, they can see that you are visiting "chase.com".
This metadata is incredibly valuable. ISPs sell this browsing history to advertisers or use it to throttle specific types of traffic.
How DoH Works
DNS-over-HTTPS takes that DNS request and wraps it inside a standard HTTPS request, which is encrypted in transit. To an outside observer (like your ISP or a hacker on public Wi-Fi), your DNS lookup looks exactly like standard web traffic.
This provides two massive benefits:
- Privacy: Your ISP cannot easily see which domains you are resolving.
- Integrity: It prevents "Man-in-the-Middle" attacks where a hacker intercepts your DNS request and points you to a fake login page.
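The wrapping described above, as an added example that is not part of the original article: it builds a DNS query in wire format and encodes it as an RFC 8484 DoH GET request, then decodes it the way a resolver would. The endpoint `https://doh.example/dns-query` is a placeholder and nothing is sent over the network.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

RESOLVER = "https://doh.example/dns-query"  # placeholder endpoint (assumption)

def build_query(name, qtype=1):
    """Encode a DNS question in RFC 1035 wire format (ID 0, RD=1, class IN)."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def doh_get_url(resolver_url, query):
    """RFC 8484 GET form: the query goes in 'dns' as unpadded base64url."""
    # base64url is only an encoding; confidentiality comes from the TLS
    # layer that carries this HTTP request.
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={encoded}"

def decode_doh_url(url):
    """Resolver side: restore the stripped padding and decode the query."""
    value = parse_qs(urlsplit(url).query)["dns"][0]
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def parse_question(message):
    """Return (name, qtype) from a query; rejects compressed or overlong labels."""
    pos, labels = 12, []  # the question section starts after the 12-byte header
    while message[pos] != 0:
        length = message[pos]
        if length > 63 or pos + 1 + length >= len(message):
            raise ValueError("malformed or compressed label")
        labels.append(message[pos + 1 : pos + 1 + length].decode("ascii"))
        pos += 1 + length
    (qtype,) = struct.unpack_from("!H", message, pos + 1)
    return ".".join(labels), qtype

if __name__ == "__main__":
    query = build_query("example.com")
    # Classic DNS sends these bytes as-is over UDP port 53: the name is readable.
    print("plaintext DNS payload:", query)
    url = doh_get_url(RESOLVER, query)
    # With DoH, this request travels inside the TLS session to the resolver.
    print("DoH GET request:", url)
    print("resolver decodes:", parse_question(decode_doh_url(url)))
```
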
Implementing DoH
Most modern browsers (Chrome, Firefox) support DoH natively in their settings. For system-wide protection on Android, you can use the "Private DNS" feature found in Settings → Network & internet → Private DNS.
At Durvex, we recommend using a privacy-focused provider like NextDNS or Cloudflare (1.1.1.1) to ensure your queries remain yours alone.