Published on June 27th, 2019
Google Makes Encrypted DNS Generally Available for 8.8.8.8
As more and more websites turn on HTTPS and online communications rely on cryptographic protocols such as Transport Layer Security, the Internet is increasingly encrypted. Except for one significant part: the Domain Name System.
DNS acts as the phonebook for the Internet and translates human-readable domain names to the actual address of the machine (a dotted-decimal address for IPv4, a hexadecimal one for IPv6) hosting the content or application the user is interested in. Since DNS queries are typically sent in plaintext via UDP or TCP, the entity operating the DNS server can see all the requests—essentially, the entirety of the user’s online activity. For many users and organizations, DNS is provided by the internet service provider, which means the ISP can monitor what websites the user visited, when the visits occurred, and what device was used.
Governments can demand that ISPs hand over these records. In fact, in the United Kingdom, ISPs are required to track all the sites citizens visited for the previous 12 months under the 2016 Investigatory Powers Act (IPA). ISPs are also allowed to share the data with third parties for content filtering and advertising purposes.
Using a public DNS service such as the one provided by Google (8.8.8.8) bypasses the ISP, but at the cost of giving the data-hungry search giant access to all of the DNS requests. Concerns over web surveillance and online tracking spurred interest in encrypted DNS, such as DNS over HTTPS (DoH) and DNS over TLS (DoT). These options protect user privacy by making it hard to eavesdrop on DNS requests in transit.
There are several options for encrypted DNS, including Cloudflare with its 1.1.1.1 service, Cisco’s OpenDNS, and non-profit Quad9’s 9.9.9.9 service. Mozilla has announced its own efforts for Firefox. This week, Google announced general availability of DNS over HTTPS for 8.8.8.8.
“Today we are announcing general availability for our standard DoH service. Now our users can resolve DNS using DoH at the dns.google domain with the same anycast addresses (like 8.8.8.8) as regular DNS service, with lower latency from our edge PoPs throughout the world,” wrote Google product manager Marshall Vale and security engineer Alexander Dupuy.
Google has spent the past three years fine-tuning DNS over HTTPS, which is based on the Internet Engineering Task Force’s RFC 8484 standard, adopted last October.