What are the major ISPs' concerns about DoH, a technology that makes the Internet more secure?



When you access the site with a general browser, a request ( DNS query ) is sent to the Domain Name System (DNS) to convert the domain name into an IP address. Some of the telecommunications industry, including Internet service providers (ISPs), are concerned about the movement to improve security by introducing DNS over HTTPS (DoH) that encrypts this DNS query. .

Why big ISPs aren't happy about Google's plans for encrypted DNS | Ars Technica

Since conventional DNS queries are performed in plain text, it has been pointed out that there is a possibility that the contents may be looked into or altered by a third party, which is a major security problem. Google and Mozilla are trying to address this concern by implementing DNS over HTTPS (DoH), which sends DNS queries to the browser using the encrypted HTTPS protocol.

Google's free DNS service `` Google Public DNS '' supports TLS security-gigazine

Announced that Firefox will officially implement `` DNS over HTTPS (DoH) '' that encrypts communication with DNS-GIGAZINE

On the other hand, ISPs have raised two concerns about DoH, a technology that protects user privacy.

The first is that DNS encryption makes Internet filtering and parental control difficult . For example, a DNS query to a domain associated with malware is a sign that the user is infected with malware. In addition, by introducing a filter that rewrites DNS queries for prohibited domains, children can be prevented from accessing adult sites. Mozilla, which has been actively promoting the DoH, in the United Kingdom that filtering of porn sites are required by law as 'not enabled by default the DoH' stated was.



The second one is for Google with Chrome, the web browser with the top share , and concerns that `` Google will direct Chrome users to their own DNS server, so that DNS will be aggregated with Google '' is. However, Google has denied this concern: “Google is not thinking of consolidating DNS providers into Google. The claim that 'Google is trying to become a centralized encryption DNS provider' is not correct.” Did.

by Stephen Shankland

Google has announced that DoH will be piloted from Chrome version 78 onwards. However, Google said that DoH is enabled only for whitelisted DNS providers, and because it switches gradually, it does not cause confusion.

British Internet Service Providers Association (ISPA) criticizes Mozilla, citing 'Encrypting DNS queries makes filtering and parental control difficult, making the Internet unsafe'. Also, on September 19, 2019, an American telecom industry group said in a letter (PDF file) addressed to Congress about Google's support for DoH: `` Interfering with important Internet functions, May cause data race problems. '

Furthermore, according to the Wall Street Journal , the House of Justice Commission of the American Parliament said on September 13, 2019, that Google would use the data collected with the new DoH protocol for commercial purposes. Originally, we asked Google for details of the DoH introduction plan.

According to Ars Technica, a technical media, “It is not necessary that ISPs have been able to sniff user DNS queries, and it is not inevitable,” DNS encryption makes the Internet more secure Insist that it is one of the natural flow to become. He admits that the adjustment on the ISP side is quite difficult, but said that it is not a reason to refuse DoH.

in Software,   Web Service, Posted by log1i_yk