1. Home
  2. Education Articles
  3. What is DNS-over-HTTPs (DOH)?

What is DNS-over-HTTPs (DOH)?

DNS-over-HTTPS (DoH) is a modern security protocol that encrypts DNS (Domain Name System) queries using the same HTTPS protocol that secures websites. Instead of sending DNS requests in plaintext, DoH wraps them inside standard HTTPS traffic, protecting users from surveillance, tracking, or tampering.

🛡️ CleanBrowsing: Internet Safety Made Simple

Filter harmful websites, block adult content, and protect your entire network. All with fast, privacy-respecting DNS.

Start Filtering Here →

🌐 Why DoH Matters

When you visit a website, your browser first asks a DNS server to resolve the domain name into an IP address. Without encryption, this request can be:

  • Monitored by ISPs or network operators
  • Tampered with by malicious actors
  • Used to build a profile of your browsing activity

DoH prevents this by:

  • Encrypting DNS queries over port 443 (HTTPS)
  • Hiding DNS traffic alongside regular web traffic
  • Bypassing some types of censorship and filtering

🔍 How DNS-over-HTTPS Works

  1. Your device or browser sends a DNS query inside an encrypted HTTPS request.
  2. The DNS resolver (e.g., Cloudflare, Google, CleanBrowsing) decrypts the request and returns the IP address.
  3. Since it’s wrapped in HTTPS, firewalls and ISPs cannot easily distinguish DoH from normal web traffic.

🆚 DoH vs. DoT

FeatureDoHDoT
Encryption ProtocolHTTPS (TLS over HTTP/2)TLS over TCP
Port Used443853
Visibility to Network ToolsHarder to block/monitorEasier to monitor/filter
Common UsageBrowser-level protectionSystem/network-level protection

DoH is especially popular in browsers like Firefox and Chrome, which support native DoH settings.

🧩 Where Can You Use DoH?

CleanBrowsing supports DoH across all plans—free and paid—and offers unique DoH endpoints for every account. These endpoints provide encrypted filtering tailored to families, schools, or organizations.

💻 Configure DoH On:

Your custom DoH URLs can be found inside your CleanBrowsing dashboard.

📦 Push DNS Logs to a Secure SIEM with Trunc

Trunc helps you forward CleanBrowsing DNS logs—and other system logs—to a secure, cloud-hosted SIEM. Get real-time visibility, threat detection, and compliance reporting without the overhead.

Explore Trunc →
Updated on July 31, 2025
Was this article helpful?

Related Articles