Cloudflare and Apple’s new DNS standard for improved security on the Web

December 14, 2020
Oblivious DNS over HTTPS – in short, ODoH – is the novel product of a collaboration between Cloudflare and Apple aimed at boosting DNS privacy and protecting your personal information. Keep reading to learn more about the new standard.
Cloudflare is an American web-infrastructure and website-security company that focuses on content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services. The company recently announced a project co-authored by engineers from Cloudflare and Apple: the DNS standard Oblivious DNS over HTTPS (ODoH). The source code is available to anyone, and you can try ODoH out yourself by visiting Cloudflare’s website.
Before we get into what ODoH is exactly about, let’s start by explaining what DNS is. The Domain Name System (DNS) is a sort of “phone book” for communication between computers: machines, in fact, address each other only by strings of numbers that are quite difficult for humans to remember (for example, IP addresses like 172.16.254.1). Simply put, DNS translates the domain name you enter in your browser into a computer-readable IP address.
So, how does this new standard operate? It separates IP addresses from queries, meaning that no single entity can see both at the same time, so the information that websites usually acquire while you surf the Web stays hidden. Websites and web service providers can constantly collect data about our Internet activity because conventional DNS queries are sent in cleartext: anyone on the network path between your device and the DNS resolver can see both the query containing the hostname (the website) you want and the IP address that identifies your device.
ODoH’s goal is to prevent this by placing a proxy between your device and the DNS server, so that queries and responses are handled exclusively through ODoH and cannot be intercepted, redirected or modified by onlookers and third parties. The standard uses Hypertext Transfer Protocol Secure (HTTPS) to encrypt the data passing through the proxy, making Web navigation extra secure.
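As an added illustration (not code from Cloudflare, Apple or this article), the following Python simulation walks one query through the client, proxy and target roles described above and records what each relay can see in plaintext. Real ODoH encrypts the query to the target's public key with HPKE; here a pre-shared secret and a toy stream cipher stand in for that step, and the addresses and answer table are constructed values.

```python
import hashlib
import hmac
import secrets

# Constructed addresses and answer table; stand-ins for real infrastructure.
CLIENT_IP, PROXY_IP = "198.51.100.7", "203.0.113.10"
ZONE = {"example.com": "93.184.216.34"}
# Toy stand-in for the target's HPKE public key: a symmetric secret the client
# is assumed to know already (an assumption, not how ODoH key discovery works).
TARGET_KEY = secrets.token_bytes(32)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode). Demonstration only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(12)
    return nonce + keystream_xor(key, nonce, plaintext)


def unseal(key: bytes, ciphertext: bytes) -> bytes:
    return keystream_xor(key, ciphertext[:12], ciphertext[12:])


def odoh_exchange(hostname: str):
    """Run one query client -> proxy -> target and back, recording what the
    proxy and the target could each observe along the way."""
    proxy_view, target_view = {}, {}
    resp_key = secrets.token_bytes(32)            # client's fresh key for the reply
    query = seal(TARGET_KEY, hostname.encode() + resp_key)
    # The proxy sees the client's address and an opaque blob, then forwards it.
    proxy_view["src_ip"], proxy_view["query_blob"] = CLIENT_IP, query
    # The target sees only the proxy's address, but can decrypt the question.
    target_view["src_ip"] = PROXY_IP
    plain = unseal(TARGET_KEY, query)
    qname, key = plain[:-32].decode(), plain[-32:]
    target_view["hostname"] = qname
    reply = seal(key, ZONE.get(qname, "NXDOMAIN").encode())
    proxy_view["reply_blob"] = reply              # proxy relays the reply blind
    return unseal(resp_key, reply).decode(), proxy_view, target_view


def can_link(view: dict, hostname: str) -> bool:
    """True if one party saw both the client's IP and the hostname in the clear."""
    saw_ip = view.get("src_ip") == CLIENT_IP
    saw_name = view.get("hostname") == hostname or any(
        hostname.encode() in v for v in view.values() if isinstance(v, bytes))
    return saw_ip and saw_name
```

Running `odoh_exchange("example.com")` returns the answer together with both views; `can_link` is false for each relay, which is the property the article describes.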
If you feel like trying out ODoH with 1.1.1.1, you’ll find its source code here (bottom of the page), although you’ll probably have to update your browser first to fix any compatibility issues.