How and when to use DNS over HTTPS (DoH)

In this post I will talk about my latest project, IDEA Ramen, a simple and slightly different domain name generator, and how it uses an in-browser DNS lookup over HTTPS to perform real-time, private domain queries.

The main purpose of DoH (DNS over HTTPS), that is, resolving DNS over HTTPS, is privacy and security by preventing a man-in-the-middle attack. There are many different use cases for DoH, but for the purpose of this post we will go through a simple DNS query for an 'A' record to find out whether DNS is set up for a domain or missing.

The IDEA Ramen project uses this query to guess whether a specific domain is still available or has already been reserved by someone.

In essence, DoH simply allows communication between a client and a public DNS server over SSL/TLS. A client can be any piece of software capable of communicating over the HTTPS protocol. In our case, the client is a browser running JavaScript code that talks to a public DNS resolver capable of DoH.

We chose the following, but these choices are specific to the IDEA Ramen use case. You might wanna try different libraries. DoH is a well-defined protocol, so you can always change the client or the provider without affecting your implementation.

Now it is just a matter of making a simple call from the browser. The following code block queries Cloudflare's open DNS resolver to find an A record entry for the JapaneseTaco.com domain.

<!-- dohjs from the jsDelivr CDN. @latest follows every new release; pin an exact version for production use. -->
<script src="https://cdn.jsdelivr.net/npm/dohjs@latest/dist/doh.min.js"></script>

// Using Cloudflare's open DNS resolver
const DNS = new doh.DohResolver('https://1.1.1.1/dns-query')

DNS.query('JapaneseTaco.com', 'A')
    .then(response => {
        // NXDOMAIN means the resolver found no such name in DNS
        const available = response.rcode === 'NXDOMAIN'
        console.log('JapaneseTaco.com is available: ' + available)
    })
    .catch(err => {
        // Network or resolver failure: availability is unknown
        console.error(err)
    })
    .finally(() => {
        console.log('Finished query!')
    })

Now that we know the status of the A record, we can guess whether this domain name is still available. Note that querying this way is fast but not authoritative: some domains can be misconfigured or pre-reserved by the registrar, which will result in a false positive.
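What a DoH client does under the hood, as an added example (not IDEA Ramen's code and not part of dohjs): it builds the RFC 8484 GET request by hand and maps the reply's RCODE to a cautious verdict, so that resolver errors are never read as "available". The function names and verdict strings are hypothetical, and domain names are assumed to be ASCII.

```javascript
// Added example; function names and verdict strings are hypothetical.

// Encode an A-record question for `name` in DNS wire format (RFC 1035).
// Assumes an ASCII name (an IDN would need punycode conversion first).
function buildQuery(name) {
  const bytes = [
    0, 0,             // ID 0, which RFC 8484 recommends so HTTP caches can hit
    0x01, 0x00,       // flags: only RD (recursion desired) set
    0, 1,             // QDCOUNT = 1
    0, 0, 0, 0, 0, 0, // ANCOUNT, NSCOUNT, ARCOUNT = 0
  ];
  for (const label of name.replace(/\.$/, '').split('.')) {
    const enc = new TextEncoder().encode(label);
    if (enc.length === 0 || enc.length > 63) throw new Error('bad label in ' + name);
    bytes.push(enc.length, ...enc);
  }
  bytes.push(0, 0, 1, 0, 1); // root label, QTYPE = A (1), QCLASS = IN (1)
  return Uint8Array.from(bytes);
}

// RFC 8484 GET form: the query goes in ?dns= as unpadded base64url.
function dohUrl(resolver, name) {
  const b64 = btoa(String.fromCharCode(...buildQuery(name)));
  return resolver + '?dns=' + b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Turn the 12-byte reply header into a cautious verdict.
function classify(reply) {
  const isResponse = reply.length >= 12 && (reply[2] & 0x80) !== 0; // QR bit
  if (!isResponse) return 'unknown';
  const rcode = reply[3] & 0x0f;
  if (rcode === 3) return 'maybe-available'; // NXDOMAIN: a guess, not proof
  if (rcode === 0) return 'likely-taken';    // NOERROR, even with zero answers
  return 'unknown';                          // SERVFAIL, REFUSED, ...: never "available"
}

// Browser usage; the default resolver URL is the one used in this post.
async function checkDomain(name, resolver = 'https://1.1.1.1/dns-query') {
  const res = await fetch(dohUrl(resolver, name), {
    headers: { accept: 'application/dns-message' },
  });
  if (!res.ok) return 'unknown';
  return classify(new Uint8Array(await res.arrayBuffer()));
}
```

A 'maybe-available' verdict still needs confirmation from the registrar before it is shown as fact, for the reasons given above.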

So why did we choose DNS resolving over a whois lookup? And why client-side, in-browser resolving instead of server-side DNS resolving?

The answer to both lies in privacy and user experience. We chose to compromise on accuracy to give you a private and better experience when you are searching for your next domain. Simple as that.

The IDEA Ramen use case is probably not the usual one, but I wanted to give you a quick overview of what DoH can do and how easily it can be used.

When to use DoH

It's simple: when you want privacy, security, ease of use and simplicity.

Hope you enjoyed this post and learned something new today.
