DNS over HTTPS: Is Encrypted DNS Slower?


When choosing an internet connection and a security protocol, many factors can influence your decision, from ease of implementation and convenience to the security of your data and the overall connection speed.

DNS over HTTPS is a relatively new Internet security protocol that promises increased privacy and online security. But how does it work, and are you going to trade fast internet for privacy?

What is DNS over HTTPS?

DNS over HTTPS (DoH) is a security protocol that lets you send and receive Domain Name System (DNS) queries over Hypertext Transfer Protocol Secure (HTTPS). DoH encrypts DNS queries and responses, which could otherwise be targeted to reveal information about your online activity as well as your physical location.

The protocol is by no means niche. In fact, most mainstream browsers, like Google Chrome, Microsoft Edge, Brave, Safari, and Opera, support the DoH protocol. As for Firefox, it enabled DoH by default for all US-based desktop users in 2019.

How does DNS over HTTPS work?

DoH connections are an improvement over normal DNS. The process begins when your browser sends a request for the IP address of a website or domain. The role of a DNS server in the equation is to convert the website name (the one you type into the address bar at the top of your browser) into a unique IP address that matches the website’s servers.

Once the IP address is returned, your browser switches to using HTTPS (or HTTP if the connection is not secure) and contacts that IP address to access the website you want. Since this is a long and tedious process, most browsers and websites rely on cached data to make it shorter.

You may have noticed that the encrypted connection only begins after DNS has finished its role, leaving some of your data vulnerable to trackers and attackers. With DoH, DNS queries are wrapped in HTTPS sessions.

But just like other types of communication and security protocols, the browser and receiving servers must use the same protocol. This means that you cannot use DoH when requesting from websites that do not support DoH.

Is DNS over HTTPS slower?


More often than not, privacy and security are paid for by slower connection speeds. After all, there is more data and web traffic to encrypt and decrypt, so it’s only natural that secure communication takes a little longer than unsecured communication.

Compared to other DNS encryption protocols, DoH has one of the longest page load and wait times. However, the differences are too small to count in the grand scheme of things. Moreover, how quickly DoH works depends on your DNS provider, such as Cloudflare or Google.

Can Encrypted DNS Be Fast?

Wanting to protect your online activity and keep it away from prying eyes is understandable. While DoH can negatively affect your connection speeds, not all encrypted DNS security protocols do.

A variant of encrypted DNS is DoT, which stands for DNS over TLS, or Transport Layer Security, a modern variant of SSL. DoT does the same job as DoH for the security and privacy of your connection.

The main difference is that, for some clients, DoT has a faster median response time than DNS, although with a slight increase in latency. However, recent research has found that the performance of DoT, DoH, and unencrypted DNS varies by client, and no protocol has excelled in all trials and circumstances.

When it comes to choosing which Internet security protocol you want to use, you need to ask yourself the right questions. Whether or not DoH is right for you depends on whether you want more privacy and security for your browsing experience, even if it is a bit slower.
