DNS over HTTPS (DoH)

Encrypts DNS queries by sending them over HTTPS to improve privacy and integrity.

What it is

DNS over HTTPS (DoH) is a protocol that encrypts DNS queries by sending them over HTTPS. Instead of plain DNS traffic, DoH wraps requests inside encrypted web traffic to improve privacy and reduce interception.

Why it matters

DoH is a double-edged sword. It protects users from DNS snooping and manipulation, but it can reduce visibility for security teams that rely on DNS monitoring to detect malware, phishing, or command-and-control activity. If unmanaged, DoH may bypass network DNS controls and filtering.

How to reduce risk

  • Set an organization policy to allow approved DoH resolvers or block unmanaged DoH.
  • Use secure DNS configurations in browsers and endpoints with centralized policy where possible.
  • Maintain layered controls such as web filtering, endpoint detection, and SIEM correlation, not just DNS logs.
  • Monitor outbound HTTPS traffic patterns for unusual resolver usage or suspicious destinations.
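One way to apply the allow-list and monitoring items above, as an added example that is not part of the original glossary entry: it scans proxy log records for DoH requests (the RFC 8484 `application/dns-message` media type, or a GET carrying a `dns` query parameter) sent to resolvers outside an approved list. The log layout, hostnames and approved list are constructed for illustration, and it assumes a TLS-inspecting proxy that records the URL and content type.

```python
"""Flag DoH requests to resolvers outside an approved list (constructed data)."""
import csv
import io
from urllib.parse import urlsplit, parse_qs

# Assumption: placeholder hostname standing in for the organization's resolver.
APPROVED_RESOLVERS = {"doh.corp.example"}
DOH_MEDIA_TYPE = "application/dns-message"  # media type defined in RFC 8484

# Constructed proxy log sample; the column layout is hypothetical.
SAMPLE_LOG = """\
client,method,url,content_type
10.0.0.5,POST,https://doh.corp.example/dns-query,application/dns-message
10.0.0.7,GET,https://resolver.example.net/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB,
10.0.0.9,POST,https://unknown.example.org/resolve,application/dns-message
10.0.0.5,GET,https://www.example.com/index.html,
10.0.0.7,GET,https://resolver.example.net/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB,
"""


def looks_like_doh(method, url, content_type):
    """Heuristic: DoH media type on the request, or a GET with a ?dns= parameter."""
    if content_type.strip().lower() == DOH_MEDIA_TYPE:
        return True
    query = parse_qs(urlsplit(url).query)
    return method.upper() == "GET" and "dns" in query


def unapproved_doh(log_text, approved=APPROVED_RESOLVERS):
    """Return {(client, resolver_host): request_count} for unapproved DoH use."""
    hits = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        host = (urlsplit(row["url"]).hostname or "").lower()
        if host in approved:
            continue  # approved resolver: policy allows it
        if looks_like_doh(row["method"], row["url"], row["content_type"] or ""):
            key = (row["client"], host)
            hits[key] = hits.get(key, 0) + 1
    return hits


if __name__ == "__main__":
    for (client, host), count in sorted(unapproved_doh(SAMPLE_LOG).items()):
        print(f"{client} -> {host}: {count} unapproved DoH request(s)")
```

The `?dns=` check can match unrelated sites that happen to use that parameter name, so treat hits as leads to correlate with endpoint and SIEM data rather than as verdicts.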

External resources

  • IETF RFC 8484: DNS Queries over HTTPS (DoH): https://www.rfc-editor.org/rfc/rfc8484
  • Cloudflare: What is DNS over HTTPS?: https://www.cloudflare.com/learning/dns/dns-over-https/