Articles on: Technical documentation

Does Safe Surfer support encrypted DNS (DoH or DoT)?

Safe Surfer invests in modern technologies to make surfing the web a safer experience for you. We have been keeping our eye on a new set of technologies that is being freshly released to devices by major technology companies and organisations via device updates: DNS over HTTPS (DoH) and DNS over TLS (DoT).

Apple, Microsoft, Google, and Mozilla have been releasing support for DoH and DoT into their products since 2019 and 2020. In this article we will explain what these two terms are and how Safe Surfer will be using them in the future. To begin, it will be helpful to break down in layman's terms how the basics of Internet networking works.

Internet networking 101 🔗

When you visit a website URL (e.g. the Safe Surfer dashboard at in a web browser, your browser has to convert this URL to a special set of numbers it understands. When you use the Internet on a device, you are likely using a networking protocol called Internet Protocol version 4 (IPv4). When you download and upload any kind of data over the Internet, this protocol performs the data transport work for you in the background—this all happens in the background. IPv4 operates over the public Internet using a special set of numbers, and these numbers are unfriendly to memorise. For example, "translates" to These are not easy to remember when you have a lot of favourite websites! This is where the Domain Name System (DNS) technology comes in.

DNS operates on computer servers, and it is like a telephone book for devices. Most people by default automatically use DNS servers that their Internet Service Provider (ISP) provisions by default. When you use broadband or mobile data and you do not manually configure your device or router to use a specific DNS server, chances are you will be using a DNS server that is run by your ISP.

Are there any downsides to classic DNS today?

Classic DNS has a major privacy flaw—any kind of URL request you make over the public Internet can theoretically be intercepted and read by anyone, even your ISP. This is called sending "plain text"—data that is not encrypted before it is sent.

DoH and DoT

DoH and DoT are an encrypted form of classic DNS. Instead of sending data unencrypted, they encrypt the data being sent before it is sent by using advanced cryptographic protocols.

DoH encrypts DNS data using the HTTPS protocol.
DoT encrypts DNS data using the TLS protocol.

Both of these methods are very similar, but they have differences from a technical viewpoint. From a consumer perspective, they both provide a high level of privacy when it comes to encrypting search data. DoT takes advantage of newer technologies, so if you are given a choice and it is supported by your device, it is the better option of the two available.

Many operating systems and web browsers now fully support DoH and/or DoT. This includes, but is not limited to:

Operating systems:
Android 9 and higher
iOS 14 and higher; iPadOS 14 and higher
Windows 11
macOS 11 Big Sur and higher

Web Browsers:
Any Chromium-based browser (e.g. Google Chrome, Microsoft Edge, Opera)
Mozilla Firefox

How is DoH and DoT useful to me? 🤔

The DoH and DoT protocols encrypt your Internet URL/IPv4 request data. This increases privacy for consumers.

How is Safe Surfer going to use these new technologies? 🏄‍♂️

A major part of the Safe Surfer service relies upon the DNS technology (in DNS being a "phonebook", we can therefore allow or block specific websites). As classic DNS is progressively phased out for most consumers, we will be providing DoH and DoT options for our customers. Our iOS app now supports both DoH and DoT, and we also provide DoH and DoT URI links for operating systems and web browsers to use. We also offer "Private DNS" links for our customers running Android.

Updated on: 13/01/2024

Was this article helpful?

Share your feedback


Thank you!