Google Research

SAC109 - The Implications of DNS over HTTPS and DNS over TLS

  • Warren Kumari
  • Barry Leiba
  • Suzanne Woolf
  • Joe Abley
  • Tim April
  • Paul Ebersman
  • Ondrej Filip
  • Geoff Huston
  • Jacques Latour
  • John Levine
  • Chris Roosenraad
  • Tara Whalen
ICANN Security and Stability Advisory Committee (SSAC) Reports and Advisories (2020), pp. 34


Encrypted DNS technologies, including DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT), are recent protocols developed for the primary purpose of enhancing user privacy. They accomplish this in several ways, including encrypting their traffic in transit and permitting DNS resolver selection and resolution in applications.

Major browser vendors, Internet Service Providers (ISPs), and others are deploying support for these technologies. Their deployment brings a number of possible implications, both positive and negative, to the ICANN community, operators and users of the DNS, and Internet users. This report analyzes the initial effects of these technologies by identifying some groups whose online experiences around privacy could change with the deployment of these technologies. Detailed analysis of effects will have to wait for more widespread deployment and measurement. This report discusses implications occurring now, and raises some longer-term questions for the future. This report frames the issues from the perspectives of interested parties, with the understanding that the issues are nuanced, and that readers coming from different perspectives will have different sensitivities: readers from two different perspectives are likely to view a single issue in two different ways.

The intended audience for this report is both the ICANN community and the greater Internet community. This includes network operators, DNS software implementers, policy makers, and concerned Internet users.

Learn more about how we do research

We maintain a portfolio of research projects, providing individuals and teams the freedom to emphasize specific types of work