Safe Surfer invests in modern technologies to make surfing the web a safer experience for you. We have been keeping our eye on a new set of technologies that is being freshly released to devices by major technology companies and organisations via device updates: DNS over HTTPS (DoH) and DNS over TLS (DoT).

Apple, Microsoft, Google, and Mozilla have been releasing support for DoH and DoT into their products since 2019 and 2020. In this article we will explain what these two terms are and how Safe Surfer will be using them in the future. To begin, it will be helpful to break down in layman's terms how the basics of Internet networking work. If you just want the brief on DoH and DoT, you can skip to the "How is DoH and DoT useful to me?" section.

Internet networking 101

When you visit a website URL (eg the My Safe Surfer website) in a web browser, your browser has to convert this URL to a special set of numbers it understands. When you use the Internet on a device, you are likely using a networking protocol called Internet Protocol version 4 (IPv4). When you download and upload any kind of data over the Internet, this protocol performs the data transport work for you in the background—you do not see any of this occur. IPv4 operates over the public Internet using a special set of numbers, and these numbers are unfriendly to memorise. For example, "translates" to—these are not easy to remember when you have a lot of favourite websites! This is where the Domain Name System (DNS) technology comes in.

DNS operates on computer servers, and it is like a telephone book for devices. By default, most people use the DNS servers that their Internet Service Provider (ISP) provisions. When you use broadband or mobile data and you do not manually configure your device or router to use a specific DNS server, chances are you will be using a DNS server that is run by your ISP.

Are there any downsides to classic DNS today?

Classic DNS has a major privacy flaw—every lookup your device makes for a website name is sent over the public Internet in a form that can theoretically be intercepted and read by anyone along the way, even your ISP. This is called sending "plain text"—data that is not encrypted before it is sent.

What is DoH and DoT?

DoH and DoT are encrypted forms of classic DNS. Instead of sending DNS data as plain text, they encrypt it with advanced cryptographic protocols before it is sent.

DoH encrypts DNS data using the HTTPS protocol.
DoT encrypts DNS data using the TLS protocol.

Both of these methods are very similar, but they have differences from a technical viewpoint. From a consumer perspective, they both provide an extremely high level of privacy.

Many operating systems and web browsers now either fully support DoH and/or DoT or are in testing phases for that support. This includes, but is not limited to:

Operating systems:
Windows 10 version 20H2 and higher (to be released late 2020)
macOS 11 Big Sur and higher (to be released late 2020)

Web Browsers:
Any Chromium-based browser (eg Google Chrome, Microsoft Edge, Opera)
Mozilla Firefox

How is DoH and DoT useful to me?

The DoH and DoT protocols encrypt the requests your device sends to look up the IPv4 numbers for a URL. This increases privacy for consumers.

How is Safe Surfer going to use these new technologies?

A major part of the Safe Surfer service relies upon DNS. Because DNS acts as a "phonebook", we can allow or block specific websites. As classic DNS is continually phased out for most consumers, we will be providing DoH and DoT options for our customers. Our mobile apps will eventually use these protocols, and you will be able to find configuration options on our website in the future for manually configuring operating systems and web browsers to use these new technologies.

Interested in trying DoH right now on desktop? Check out our Safe Surfer DoH on Firefox article here: