Apple and Cloudflare Created a New DNS Protocol

Slide from encrypted DNS WWDC20

Apple and Cloudflare have teamed up to create a new DNS protocol called Oblivious DNS-over-HTTPS, or ODoH (via TechCrunch).

Oblivious DNS-over-HTTPS

The goal is to make it harder for ISPs to snoop on your web browsing. Current protocols like DNS-over-HTTPS (DoH) use encryption to protect your browser’s DNS queries in transit. ODoH goes a step further and also keeps the DNS resolver itself from knowing whose web browsing it is resolving.

Here’s how it works: ODoH wraps a layer of encryption around the DNS query and passes it through a proxy server, which acts as a go-between for the internet user and the DNS resolver. Because the query is encrypted, the proxy can’t see what’s inside; at the same time it acts as a shield that prevents the DNS resolver from seeing who sent the query in the first place.

To work properly, the proxy and the DNS resolver should never be run by the same company. Instead, the idea is to have multiple companies run proxies so that a malicious entity can’t hijack the proxy and reassemble both halves of the picture.
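The split described above can be seen in a small simulation. This is an added illustration, not code from the post, Apple or Cloudflare: the HPKE encryption real ODoH uses is replaced by a labelled SHA-256 stand-in, and the addresses and the single zone entry are constructed. Each party records what it observes, so the point of the protocol (proxy sees who, resolver sees what, neither sees both) can be checked directly.

```python
import hashlib
import secrets

CLIENT_IP, PROXY_IP = "198.51.100.7", "203.0.113.5"  # constructed (RFC 5737 test ranges)
ZONE = {"example.com": "192.0.2.10"}                  # constructed sample answer
TARGET_KEY = b"stand-in for the resolver's HPKE public key"  # assumption: not real ODoH crypto

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # SHA-256 in counter mode stands in for HPKE's AEAD. What matters for the
    # simulation is only that the proxy holds no key, so the blob is opaque to it.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(12)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:12], blob[12:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class Target:
    """The DNS resolver: can read the query, but only ever sees the proxy's address."""
    def __init__(self):
        self.seen = []
    def resolve(self, src_ip: str, blob: bytes) -> bytes:
        name = unseal(TARGET_KEY, blob).decode()
        self.seen.append((src_ip, name))
        return seal(TARGET_KEY, ZONE.get(name, "NXDOMAIN").encode())

class Proxy:
    """Sees who is asking, but only an opaque blob of what they ask."""
    def __init__(self, target: Target):
        self.target, self.seen = target, []
    def forward(self, src_ip: str, blob: bytes) -> bytes:
        self.seen.append((src_ip, blob))
        return self.target.resolve(PROXY_IP, blob)  # the client's address is not passed on

def run_odoh_exchange(name: str = "example.com") -> dict:
    target = Target()
    proxy = Proxy(target)
    answer = unseal(TARGET_KEY, proxy.forward(CLIENT_IP, seal(TARGET_KEY, name.encode()))).decode()
    return {"answer": answer, "proxy_saw": proxy.seen, "target_saw": target.seen}

if __name__ == "__main__":
    r = run_odoh_exchange()
    print(r["answer"], r["proxy_saw"][0][0], r["target_saw"][0])
```

If proxy and resolver were operated by the same party, joining `proxy.seen` and `target.seen` would recover the full (client, query) pair, which is exactly why the post says they must be run by different companies.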

One thought on “Apple and Cloudflare Created a New DNS Protocol”

  • Andrew:
    Many thanks for this heads up.
    I’ve only had a minute to spare skimming through the article, but I like what I see. This pretty much fits the bill of what I have been looking for.
    At some point, you or someone at TMO (I’m nominating you for this mission, Mr Orr, if you choose to accept it) should do a piece on what this new protocol does for user privacy, its limits, and the differences and marginal gains from using a VPN both with and without this protocol. Perhaps once I’ve had time to read and digest it, many of these questions will have been addressed and self-explanatory.
