Industry players such as Google and Mozilla (Firefox browser) have been working to implement DNS-over-HTTPS, advertising this protocol as a means of preventing ISPs from tracking users' web traffic. While the benefits of DoH are still being debated, encrypted DNS may become more widely adopted. This raises concerns about filtering and security protection for organizations currently using DNS filtering solutions.

What is DNS-over-HTTPS (DoH)?

The Domain Name System (DNS) is often referred to as the phone book of the internet. When you visit a site, DNS translates the domain name to an IP address, allowing the browser to load the internet resource. Web filtering by DNS depends on the ability to force devices to use the ISP's designated DNS servers, which makes the traffic visible to the Internet Service Provider.

The DNS-over-HTTPS protocol works by sending requests via an encrypted HTTPS connection, rather than the classic plaintext UDP requests in standard DNS. Not only is the request encrypted, but the DoH protocol also works at the app level rather than the operating system level. These connections occur between a browser/app and a secure DoH-compatible DNS server instead of a public network's designated DNS server, so the traffic is no longer visible to that network.
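The sketch below is an added example, not Netsweeper's code or part of the original article. It builds one DNS query, wraps it as an RFC 8484 DoH GET request, and shows how a DoH-capable resolver recovers the queried name after TLS termination and applies a block list. The `/dns-query` path, the function names and the `blocked.example` policy entry are assumptions made for illustration.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

BLOCKED = {"blocked.example"}  # constructed policy list, for illustration only


def build_query(name, qtype=1):
    """DNS query in RFC 1035 wire format; the same bytes travel over UDP/53 or DoH."""
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)  # ID 0, RD flag, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # QTYPE, QCLASS=IN


def doh_get_target(message, path="/dns-query"):
    """RFC 8484 GET form: base64url without padding in the 'dns' parameter."""
    encoded = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return f"{path}?dns={encoded}"


def qname_from_target(target):
    """Resolver side, after TLS termination: recover the queried name."""
    b64 = parse_qs(urlsplit(target).query)["dns"][0]
    msg = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    labels, pos = [], 12  # the question section follows the 12-byte header
    while msg[pos] != 0:
        length = msg[pos]
        if length > 63:  # compression pointers are not valid in a lone question
            raise ValueError("invalid label length in question")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    return ".".join(labels)


def decide(target):
    """Block a listed domain and any of its subdomains."""
    name = qname_from_target(target)
    return "block" if any(name == d or name.endswith("." + d) for d in BLOCKED) else "allow"


if __name__ == "__main__":
    for host in ("www.example.com", "ads.blocked.example"):
        target = doh_get_target(build_query(host))
        print(host, target, decide(target))
```

On the wire, an on-path observer sees only a TLS session to the DoH server; the name is readable only at the endpoint that terminates HTTPS.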

How Does DNS-over-HTTPS Affect Netsweeper?

Netsweeper’s robust deployment options mean that DoH will not disrupt its filtering, protecting users regardless of which protocol is used. Both Netsweeper’s Offline and BGP Routing Filtering Deployments cannot be bypassed, since they filter the HTTP/S requests, not the DNS lookup.

Proxy-based web filtering makes up most deployments. Web filtering for proxy-based education deployments looks at the HTTP/HTTPS web traffic. It does not look at the DNS traffic. This means that DNS-over-HTTPS does not affect filtering. There are considerations for operator/service providers using Netsweeper’s DNS-based filtering solution, but Netsweeper’s DNS filtering solution also handles DNS-over-HTTPS.

Netsweeper’s DNS Filtering Solution

  • Netsweeper’s DNS solution operates as a DNS server, and includes support for DNS-over-HTTPS communication with client applications
  • Filtering policies can be applied even when using this new DNS standard that ensures enhanced security and privacy 
  • Our ability to receive and respond to DNS requests will remain unaffected, so long as the filtered device is not using a browser (or other application) that disregards Operating System DNS settings in favor of other DNS services 

For more information regarding Netsweeper’s Filtering, request a demo from our solution experts.