Cloudflare has announced its latest method to protect DNS privacy: Oblivious DoH, which separates the end-user device’s IP address from the DNS query. The company has worked with engineers from tech giants like Apple and Fastly to make this possible.
Cloudflare Oblivious DoH
Cloudflare also says that it has made the source code for ODoH available for everyone. Therefore, anyone interested in offering a better level of DNS privacy can start their ODoH service. Those who are currently using Cloudflare’s 126.96.36.199 DNS for improved security will now have access to this enhanced DNS standard.
Cloudflare offers end-user privacy and security solutions for quite some time now. The company has also criticized the current DNS standard, saying that it does not respect users’ privacy and anyone between the end-point device.
The DNS resolver can find data from the query string, which is sent in plain text. DoH conveniently solves the problem by making it impossible to simultaneously capture the query details and the IP address. That is, even if someone manages to capture a DNS query before it reaches the DNS resolver, they won’t be able to find out the IP address of the client.
Cloudflare says that the IETF has approved the standardized encryption with DNS over HTTPS and DNS over TLS, and the client support for this new DNS standard has also increased in recent months. The latest versions of Firefox and iOS now comes with the backing for Oblivious DoH, but Internet Service Providers are still lagging.
Meaning, users have to rely on Cloudflare’s private DNS service to make the best use of ODoH. Cloudflare added that many partners like PCCW Global, Surf, and Equinix are part of this endeavor towards a more privacy-friendly internet experience.
Cloudflare notes that it cannot give a clear picture regarding the implications of Oblivious DoH on performance at this point. Further deployment of the DNS standard is required before knowing if it trades speed for extra security/privacy.
For more technical details about Oblivious DoH, check out Cloudflare’s official blog post.