0Pricing
Cryptology Academy · Lesson

DNS Security: DoH and DoT

Learn why DNS is a privacy vulnerability and how DNS-over-HTTPS and DNS-over-TLS protect queries.

DNS Queries Travel in Plaintext

The Domain Name System translates human-readable domain names into IP addresses. Standard DNS queries use UDP on port 53 and are sent completely unencrypted. Every domain name your device looks up is visible to your router, your ISP, and anyone capable of monitoring the network path. This means your browsing activity is exposed even when every website you visit uses HTTPS.

ISPs Log All DNS Queries

Internet Service Providers routinely log DNS queries for all customers as a form of network monitoring and for compliance with data retention laws in many jurisdictions. This log constitutes a detailed record of every website visited, the time of each visit, and the frequency of access. ISPs have sold this data to advertisers and responded to government requests for subscriber browsing histories based on DNS logs alone.

All lessons in this course

  1. Plaintext Protocols: What Attackers See
  2. How Packet Capture Works
  3. Encrypted Traffic Analysis
  4. DNS Security: DoH and DoT
← Back to Cryptology Academy