DNS over HTTPS
E746659
DNS over HTTPS is a protocol that sends DNS queries and responses over encrypted HTTPS connections to enhance privacy and security.
All labels observed (1)
| Label | Occurrences |
|---|---|
| DNS over HTTPS canonical | 3 |
How this entity was disambiguated
This entity first appeared as the object of triple T8621527 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
NED1
Entity disambiguation (via context triple)
gpt-5-mini-2025-08-07
Target entity: DNS over HTTPS Context triple: [RFC 9250, relatedTo, DNS over HTTPS]
-
A.
DNS over TLS
DNS over TLS is a security protocol that encrypts traditional DNS queries and responses using Transport Layer Security to protect user privacy and prevent eavesdropping or tampering.
-
B.
DNS over DTLS
DNS over DTLS is a protocol that secures DNS queries using Datagram Transport Layer Security over UDP, providing encryption and integrity while preserving DNS’s low-latency, connectionless nature.
-
C.
DNS over QUIC (DoQ)
DNS over QUIC (DoQ) is a modern DNS transport protocol that uses the QUIC encrypted, multiplexed UDP-based transport to provide faster, more secure, and more reliable DNS queries than traditional methods.
-
D.
OpenDNS
OpenDNS is a cloud-delivered DNS and security service provider known for web filtering, phishing protection, and enterprise network security solutions.
-
E.
DNSSEC
DNSSEC (Domain Name System Security Extensions) is a suite of specifications that adds cryptographic authentication and integrity protection to DNS data to prevent attacks such as cache poisoning and spoofing.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
NED2
Entity disambiguation (via description)
gpt-5-mini-2025-08-07
Target entity: DNS over HTTPS Target entity description: DNS over HTTPS is a protocol that sends DNS queries and responses over encrypted HTTPS connections to enhance privacy and security.
-
A.
DNS over TLS
DNS over TLS is a security protocol that encrypts traditional DNS queries and responses using Transport Layer Security to protect user privacy and prevent eavesdropping or tampering.
-
B.
DNS over DTLS
DNS over DTLS is a protocol that secures DNS queries using Datagram Transport Layer Security over UDP, providing encryption and integrity while preserving DNS’s low-latency, connectionless nature.
-
C.
DNS over QUIC (DoQ)
DNS over QUIC (DoQ) is a modern DNS transport protocol that uses the QUIC encrypted, multiplexed UDP-based transport to provide faster, more secure, and more reliable DNS queries than traditional methods.
-
D.
OpenDNS
OpenDNS is a cloud-delivered DNS and security service provider known for web filtering, phishing protection, and enterprise network security solutions.
-
E.
DNSSEC
DNSSEC (Domain Name System Security Extensions) is a suite of specifications that adds cryptographic authentication and integrity protection to DNS data to prevent attacks such as cache poisoning and spoofing.
- F. None of above. chosen
Statements (48)
| Predicate | Object |
|---|---|
| instanceOf |
network protocol
ⓘ
privacy-enhancing technology ⓘ |
| abbreviation | DoH NERFINISHED ⓘ |
| canBeImplementedBy |
network resolvers
ⓘ
operating systems ⓘ web browsers ⓘ |
| canUse | JSON format (non-standard) ⓘ |
| comparedWith | traditional DNS over UDP ⓘ |
| definedInStandard | RFC 8484 NERFINISHED ⓘ |
| deployment |
consumer routers (in some models)
ⓘ
enterprise networks ⓘ public recursive resolvers ⓘ |
| doesNotHide |
SNI in TLS 1.2
ⓘ
destination IP addresses ⓘ |
| encapsulates | DNS messages in HTTP ⓘ |
| encryptionProvidedBy | TLS NERFINISHED ⓘ |
| payloadFormat | wire-format DNS messages ⓘ |
| primaryGoal |
enhance DNS privacy
ⓘ
prevent DNS eavesdropping ⓘ prevent DNS manipulation ⓘ |
| privacyProperty |
hides DNS content from ISP resolvers when using third-party DoH
ⓘ
hides DNS content from local network observers ⓘ |
| protectsAgainst |
DNS spoofing on local network
ⓘ
on-path DNS monitoring ⓘ |
| publicationYear | 2018 ⓘ |
| relatedTo |
DNS over TLS
ⓘ
DNSSEC NERFINISHED ⓘ |
| requires | HTTPS URI template ⓘ |
| runsOver |
QUIC
NERFINISHED
ⓘ
TCP NERFINISHED ⓘ TLS NERFINISHED ⓘ |
| standardizedBy |
Internet Engineering Task Force
ⓘ
surface form:
IETF
|
| supportedBy |
Android (system resolver, some versions)
ⓘ
Apple Safari NERFINISHED ⓘ Google Chrome NERFINISHED ⓘ Microsoft Edge NERFINISHED ⓘ Mozilla Firefox NERFINISHED ⓘ Windows 10 NERFINISHED ⓘ Windows 11 NERFINISHED ⓘ various public DNS providers (e.g., Cloudflare, Google Public DNS, Quad9) ⓘ |
| supports |
GET method
ⓘ
POST method ⓘ |
| transports |
DNS queries
ⓘ
DNS responses ⓘ |
| usesPort | 443 ⓘ |
| usesProtocol |
HTTP/2
ⓘ
HTTP/3 NERFINISHED ⓘ HTTPS NERFINISHED ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
Instruction
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Input
Subject: DNS over HTTPS Description of subject: DNS over HTTPS is a protocol that sends DNS queries and responses over encrypted HTTPS connections to enhance privacy and security.
Referenced by (3)
Full triples — surface form annotated when it differs from this entity's canonical label.