
Playlist "36C3: Resource Exhaustion"

Encrypted DNS? D'oh! - The Good, Bad and Ugly of DNS-over-HTTPS (DoH)


Old-school DNS is unencrypted and thus prone to MITM attacks or DNS hijacking. DNS-over-HTTPS (DoH) is finally trying to solve this by encrypting DNS requests between the client and the resolver.

There have been previous (failed) attempts at encrypting DNS, but DoH seems to be the most promising so far, because browser makers such as Mozilla and Google are pushing its adoption and plan to roll this technology out to all Firefox and Chrome users. Microsoft is planning to support DoH natively in Windows 10.

But a lot of people are pretty angry and vocal about that move. This includes ISPs and ad companies all over the world.

This talk will give an overview of how DoH came to be, what problems it is trying to solve, and what obstacles are hindering its adoption. You'll learn about DNS, encryption, the work on _proposed_ internet standards, how fake news works, and why your ISP is tracking you and providing you with falsified information. And you'll learn how to use encrypted DNS.