DoH (RFC 8484) wraps DNS queries in HTTPS, on port 443. From outside it looks like ordinary web traffic, so it's very hard to block or selectively rewrite.
Major resolvers — Cloudflare 1.1.1.1, Google 8.8.8.8, Quad9 9.9.9.9 — all support DoH. Modern browsers can use DoH directly, bypassing the OS resolver entirely.
IPFerret's /dns tool resolves through DoH at cloudflare-dns.com.
Try it on IPFerret
See also
- DNSThe distributed directory that maps human-readable names like example.com to IP addresses (and other records).
- DoTDNS encrypted with TLS on dedicated port 853 — same goal as DoH but uses its own protocol port.
- DNSSECCryptographic signatures on DNS records so resolvers can verify the answer wasn't forged or tampered with.