CloudFlare Announces Support For Privacy-Focused Oblivious DNS Over HTTPS Protocol
When DNS first launched and with implementations that remain today, data is sent in plaintext over the internet to resolve a website with DNS servers. Thus, the Internet Engineering Task Force standardized a new form of DNS calls named DNS over HTTPS (DoH) and DNS over TLS (DoT). Both of these standards encrypt the DNS data going to and fro over the internet, which “prevent[s] queries from being intercepted, redirected, or modified between the client and resolver.” While the standards are great, it raises concerns of single points of failure and the possibility that CloudFlare can still see the DNS requests, but oDoH plans to take care of that.
The only issue that can now potentially come up with oDoH is a vulnerability to collusion between a proxy and a DNS provider, but that would be difficult at best. Also, with this new protocol, users will not likely have to trade privacy for performance, as
At the end of the day, if all of this sounds like mumbo-jumbo, take away this: DNS companies are improving your privacy. Whether you think you need it or not, it is a good thing. Your internet browsing and patterns should be yours and yours alone, and CloudFlare is looking to ensure that.