What is the Difference Between DNS over TLS & DNS over HTTPS?
You might be wondering whether they are really different, which one is better, and whether there are any differences beyond the port. There is a lot to get into, and it is worth it, as it will give you a clearer idea of the difference between the two, DNS over TLS and DNS over HTTPS, and why it is essential to know about it.
So, let’s get into details.
DNS: What Is It and Why Does It Need TLS or HTTPS?
If you don't know the IP address of your website, you can find it using the command below.
For Windows:
In the command prompt, type:
tracert anydomain.com
Here’s Why We Must Encrypt DNS Requests
Therefore, these revelations can have several implications, such as identity theft. For example, in September 2018 the Facebook data breach happened, in which around 50 million people were affected. Also, if you are from the US, the UK, or any other part of the western world, you may be aware that almost everything is accessible on the internet, except for a few illegal things.
As per Freedom House, less than one-quarter of the world's internet users are from countries where the internet is rated Free. "Free" here means free in liberties and rights, not in price. 36% of internet users belong to countries where the internet is entirely restricted, and another 28% are from countries where it is partially restricted.
One real-life example you can look at: the Great Firewall of China intercepts DNS traffic in order to inject or rewrite DNS responses. So it is obvious why DNS encryption is so important.
This kind of information must be protected from snooping. Because of such scenarios, the DNS PRIVate Exchange (DPRIVE) Working Group was formed by various communities and groups, including the IETF (Internet Engineering Task Force), operators, vendors, researchers, and the open international community of network designers, to offer data privacy for DNS transactions. As a result of this initiative, DNS is encrypted using cryptographic protocols like TLS (Transport Layer Security) or HTTPS, which are already widely used for securing web servers and web browsers.
Let's dig into it further and find out what the difference is between these two forms of DNS encryption, i.e., DNS over TLS (DoT) and DNS over HTTPS (DoH).
Here's How DNS over TLS & DNS over HTTPS Differ
| DNS over TLS | DNS over HTTPS |
|---|---|
| As per the IETF, DNS over TLS is defined in RFC 8484. | As per the IETF, DNS over HTTPS is defined in RFC 8310 and RFC 7858. |
| DNS over TLS uses TCP as the standard connection protocol and layers TLS on top of it for authentication and encryption. | DNS over HTTPS uses HTTP/2 and HTTPS as the standard connection protocol. |
| DNS over TLS uses its own port, port 853. | DNS over HTTPS uses the standard HTTPS traffic port, port 443. |
| DNS over TLS requests use a distinct port, so anyone at the network level can identify and even block them. | DNS over HTTPS requests can stay hidden among ordinary encrypted HTTPS traffic. |
| DNS over TLS is a good option when the user doesn't want to deal with the clients provided by DNS referrers/forwarders. | DNS over HTTPS is the right solution when other ports are blocked. |
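The transport differences in the table come down to how the same DNS wire-format message is framed before it goes into the TLS session. The example below is added here and is not code from the article: it builds a query, then shows the DoT framing (two-octet length prefix on port 853, as with plain DNS over TCP) and the two DoH framings (base64url in a GET parameter, or the raw message as a POST body typed `application/dns-message`, on port 443). The resolver hostname and `/dns-query` path are constructed for illustration; the HTTP request is written out as HTTP/1.1 text so the framing is visible, whereas real DoH clients normally use HTTP/2.

```python
import base64
import struct

DOT_PORT = 853   # dedicated DNS over TLS port; visible to network-level filtering
DOH_PORT = 443   # shared with ordinary HTTPS, so DoH blends in with web traffic


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Build a minimal wire-format DNS query (A record by default).

    txid defaults to 0 because DoH clients are expected to use a zero ID so
    identical queries produce identical, cacheable HTTP requests.
    """
    # header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def dot_frame(msg: bytes) -> bytes:
    """DoT sends the message inside the TLS stream with a 2-octet length prefix."""
    return struct.pack("!H", len(msg)) + msg


def doh_get_path(msg: bytes, path: str = "/dns-query") -> str:
    """DoH GET: the message goes base64url-encoded, padding removed, in ?dns=."""
    encoded = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return f"{path}?dns={encoded}"


def doh_post_request(msg: bytes, host: str, path: str = "/dns-query") -> bytes:
    """DoH POST: the raw message is the body, typed application/dns-message."""
    head = (
        f"POST {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Accept: application/dns-message\r\n"
        "Content-Type: application/dns-message\r\n"
        f"Content-Length: {len(msg)}\r\n\r\n"
    )
    return head.encode("ascii") + msg


if __name__ == "__main__":
    q = build_query("example.com")  # constructed sample name
    print("DoT  (port %d):" % DOT_PORT, dot_frame(q).hex())
    print("DoH GET (port %d):" % DOH_PORT, doh_get_path(q))
    print("DoH POST (port %d):" % DOH_PORT, doh_post_request(q, "resolver.example"))
```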
DNS over TLS or DNS over HTTPS: What’s the Better Standard?
Furthermore, DoH seems quite beneficial for ad networks and trackers, as it brings DNS up to the application layer, whereas DoT is better suited to a layered abstraction.
Summary
To solve such privacy leak issues, DNS over TLS (DoT) and DNS over HTTPS (DoH) came into existence. Although these techniques are still entirely new, in the coming years we will see their increasing adoption, shifting us further into the realm of a more secure Internet.