Oblivious DNS, the New Most Private Standard for Browsing

Browsing the Internet depends on a few fundamental services. One of them is DNS, which translates domain names into their corresponding IP addresses, so we only need to remember the name of each site rather than a long string of numbers. This article covers the new Oblivious DNS standard, which promises maximum privacy to users.

New Oblivious DNS standard

This new standard, called Oblivious DNS, was created by engineers from Apple, Cloudflare and Fastly with the aim of improving user privacy when performing DNS operations.


As mentioned, we need DNS whenever we connect to the Internet. It is fundamental. For example, it translates redeszone.net into the corresponding IP address so that the browser can show us the page. There are many DNS servers we can use, both the operator's own and any other public server we want to configure.

We can therefore choose DNS servers that are faster, more private, or even configured to avoid certain pages that may be dangerous. In that last case, DNS also acts as a filter.

It is essential to prevent third parties from intercepting our device's traffic. That is where the DNS over HTTPS and DNS over TLS standards come into play: with either of them, the traffic is encrypted. However, the DNS provider still has access to the IP address of the user's device. This is what Oblivious DNS prevents.

The abbreviation for this new standard is ODoH, which stands for Oblivious DNS over HTTPS.


Oblivious DNS adds an extra layer of privacy

The new Oblivious DNS standard places a proxy between the client device and the DNS provider. All requests pass through that proxy first, which hides the user's IP address and adds extra privacy.

The DNS provider communicates only with that proxy and not with the client, so it sees the proxy's IP address and not that of the user's device.

In addition to this, the proxy sees the user’s IP address but has no information about the DNS request, which is encrypted.

ODoH adds another layer of encryption to the DNS message itself to ensure that the proxy cannot read it. Cloudflare analyzed how the standard performs and found that there is some loss of performance, but that it is marginal.
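The split of knowledge described above can be simulated end to end. This is an added example, not code from the original article or from the ODoH authors: it swaps in a toy Diffie-Hellman exchange and a SHAKE-256 keystream for the HPKE encryption that real ODoH uses, and the class names, IP addresses and DNS answer are constructed for illustration.

```python
import hashlib, hmac, secrets

P, G = 2**255 - 19, 2  # toy DH group (assumption); real ODoH uses HPKE

def _xor(key, label, data):
    stream = hashlib.shake_256(key + label).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def _kdf(shared):
    return hashlib.sha256(str(shared).encode()).digest()

def seal(target_pub, msg):
    """Client: encrypt the DNS query to the target's public key."""
    eph = secrets.randbelow(P - 2) + 1
    key = _kdf(pow(target_pub, eph, P))
    ct = _xor(key, b"query", msg)
    return pow(G, eph, P), ct, hmac.new(key, ct, "sha256").digest(), key

class Target:  # the DNS provider
    def __init__(self):
        self._priv = secrets.randbelow(P - 2) + 1
        self.pub, self.seen = pow(G, self._priv, P), []
    def handle(self, peer_ip, enc, ct, tag):
        key = _kdf(pow(enc, self._priv, P))
        if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
            raise ValueError("query was modified in transit")
        name = _xor(key, b"query", ct).decode()
        self.seen.append((peer_ip, name))  # sees the query, not the client
        return _xor(key, b"response", f"{name} A 192.0.2.10".encode())

class Proxy:
    def __init__(self, ip, target):
        self.ip, self.target, self.seen = ip, target, []
    def forward(self, client_ip, enc, ct, tag):
        self.seen.append((client_ip, ct))  # sees the client, not the query
        return self.target.handle(self.ip, enc, ct, tag)

def resolve(client_ip, name, proxy, target_pub):
    enc, ct, tag, key = seal(target_pub, name.encode())
    reply = proxy.forward(client_ip, enc, ct, tag)
    return _xor(key, b"response", reply).decode()

def demo():
    target = Target()
    proxy = Proxy("198.51.100.7", target)  # constructed addresses
    answer = resolve("203.0.113.25", "example.com", proxy, target.pub)
    return answer, proxy.seen, target.seen

if __name__ == "__main__":
    print(demo())
```

The privacy property holds only while the proxy and the DNS provider do not share their logs; joining `proxy.seen` with `target.seen` would link the client IP to the query again.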

At the moment, Cloudflare's 1.1.1.1 DNS resolver is already compatible with ODoH. They hope that this support will also reach Firefox in the future, which is one of the most popular and widely used browsers worldwide.

In short, this new Oblivious DNS standard adds an extra layer of privacy, a very important factor for users when surfing the net. The objective is to keep our data protected whenever we visit a web page and thus prevent third parties from accessing that information.