DNS over HTTPS
Also known as: DoH, encrypted DNS
A protocol that encrypts DNS queries inside HTTPS so they can't be read or modified in transit.
Traditional DNS is sent in plain text over UDP, which means anyone on the path — your ISP, the airport Wi-Fi operator, a hostile router — can see and change it. DNS over HTTPS wraps the same queries in an encrypted HTTPS connection to a chosen resolver.
DoH protects against passive surveillance and DNS-based censorship but shifts trust from your ISP to the resolver you pick. Major browsers ship it on by default with reputable resolvers.
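
How the "same query" gets wrapped, as an added example that is not part of the original entry: it builds an ordinary DNS query and encodes it the way the RFC 8484 GET form carries it. The resolver URL `https://doh.example/dns-query` and the function names are assumptions made for illustration.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

# Assumption: placeholder resolver endpoint, not a real service.
RESOLVER_URL = "https://doh.example/dns-query"


def build_query(name: str, qtype: int = 1) -> bytes:
    """Encode a one-question DNS query (class IN) in RFC 1035 wire format."""
    # ID=0 as RFC 8484 recommends (cache-friendly); flags 0x0100 = recursion desired.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid label length: {label!r}")
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"
    if len(qname) > 255:
        raise ValueError("name too long")
    return header + qname + struct.pack("!HH", qtype, 1)


def doh_get_url(message: bytes, resolver: str = RESOLVER_URL) -> str:
    """RFC 8484 GET form: base64url of the message with '=' padding removed."""
    encoded = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={encoded}"


def decode_doh_get(url: str) -> bytes:
    """Resolver side: recover the DNS message from the 'dns' parameter."""
    param = parse_qs(urlsplit(url).query)["dns"][0]
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))


if __name__ == "__main__":
    msg = build_query("www.example.com")
    # On plain UDP port 53 these bytes cross the network as-is, name readable.
    print(msg)
    # With DoH the same bytes ride inside the TLS-protected HTTP request.
    print(doh_get_url(msg))
```

The URL path and `dns` parameter travel inside the TLS session, so an on-path observer sees only a connection to the resolver, while the resolver itself decodes the full query.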
