Google is launching a much-needed security and privacy enhancement in the form of a feature called Secure DNS, starting with Chrome 83. Built on top of DNS-over-HTTPS, Secure DNS lets Google Chrome perform an encrypted DNS lookup to securely locate the server of the website you want to access.
Chrome to officially support DNS over HTTPS
By releasing the Secure DNS feature, Google wants to ensure that the security and privacy of all Chrome users remain uncompromised. In a recent blog post, Kenji Baheux, Product Manager of Google Chrome, wrote:
“DNS-over-HTTPS introduces a significant change to the Domain Name System (DNS), a system designed more than 35 years ago that is central to how the web works even to this day.”
To understand the importance of Secure DNS, we first need to understand what a DNS lookup is.
What is DNS?
DNS stands for Domain Name System. It lets users reach a website through a human-friendly, easy-to-remember name, the host name in its URL (for example, www.thewindowsclub.com), and helps web browsers access requested websites without requiring users to enter the corresponding IP addresses.
Whenever a web browser needs to access a website, a process called a 'lookup' is performed. The process starts as soon as the user enters the website URL in the browser's address bar. The browser then performs a 'DNS lookup' against the DNS, a database covering millions of websites.
The process completes after your web browser matches the requested URL with the corresponding IP address and finds the website on your behalf.
What is Secure DNS over HTTPS?
Google Chrome’s Secure DNS feature uses DNS-over-HTTPS to encrypt the DNS lookup. This way, Chrome wants to prevent threat actors from tracking what sites you visit or sending you to phishing websites.
Because the entire lookup is now encrypted, attackers will find it extremely difficult to intercept or tamper with it, which helps prevent man-in-the-middle (MITM) attacks on DNS.
“…Chrome will automatically switch to DNS-over-HTTPS if your current DNS provider supports it, and provide manual configuration options for users who wish to use a specific provider.”
Unencrypted DNS lookups pose numerous privacy risks and challenges. Without DNS encryption, other devices along the network path can collect the names your web browser requests. DNS lookups are also sent to servers that can spy on, misuse, or eavesdrop on your web browsing history without your knowledge.
Google Chrome has also shared the benefits of DNS-over-HTTPS, as follows:
- Chrome can verify the authenticity of the intended DNS service provider.
- Chrome can check the integrity of the response received from the DNS service provider.
- The connection between Chrome and the DNS service provider remains confidential.
Chrome’s Secure DNS is being made available on Chrome OS, Windows, and Mac OS. Secure DNS will be rolled out for Android and Linux in the future.