Mozilla has begun the rollout of encrypted DNS over HTTPS (DoH) by default for US-based users of its Firefox browser. The rollout will continue over the next few weeks to confirm no major issues are discovered as this new protocol is enabled for Firefox’s US-based users.
A little over two years ago, Firefox publisher Mozilla began work to help update and secure one of the oldest parts of the internet, the Domain Name System (DNS). To put this change into context, it helps to briefly describe how the system worked before DoH. DNS is a database that links a human-friendly name, such as www.mozilla.org, to a computer-friendly series of numbers, called an IP address (e.g. 192.0.2.1). By performing a “lookup” in this database, a user's web browser is able to find websites on their behalf. Because of how DNS was originally designed decades ago, browsers doing DNS lookups for websites - even encrypted https:// sites - had to perform these lookups without encryption.
Because there is no encryption, other devices along the way might collect (or even block or change) this data too. DNS lookups are sent to servers that can spy on people’s website browsing history without either informing them or publishing a policy about what they do with that information.
“At the creation of the internet, these kinds of threats to people’s privacy and security were known, but not being exploited,” Mozilla said in a release. “Today, we know that unencrypted DNS is not only vulnerable to spying but is being exploited, and so we are helping the internet to make the shift to more secure alternatives.”
Mozilla is doing this by performing DNS lookups in an encrypted HTTPS connection. This helps hide people’s browsing history from attackers on the network, and also helps prevent data collection by third parties on the network that ties a computer to the websites it is used to visit.
Mozilla is enabling DoH by default only in the US. Anyone outside of the US who would like to enable DoH can do so in the browser’s Settings. Mozilla also said it will continue to explore enabling DoH in other regions.