Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Network Security

Google Makes DNS Over HTTPS Generally Available

Google this week announced the general availability of its standard DNS over HTTPS (DoH) service, which includes full RFC 8484 support.

Google this week announced the general availability of its standard DNS over HTTPS (DoH) service, which includes full RFC 8484 support.

The DoH protocol is meant for sending DNS queries and getting DNS responses over HTTP using TLS security for integrity and confidentiality, as detailed in RFC 8484

Google has launched its DoH service in 2016, as an experiment, but is now confident to roll it out generally with full RFC 8484 support at a new URL path, as well as with support for the JSON API. The service builds on Google Public DNS, which was launched in 2009.

“Now our users can resolve DNS using DoH at the domain with the same anycast addresses (like as regular DNS service, with lower latency from our edge PoPs throughout the world,” Google reveals

The new endpoints, the search giant says, are (RFC 8484 – GET and POST) and (JSON API – GET). 

“We are deprecating internet-draft DoH support on the /experimental URL path and DoH service from, and will turn down support for them in a few months,” the Internet company reveals. 

Google Public DNS, the search giant explains, is meant to provide fast, private, and secure DNS resolution through both DoH and DNS over TLS (DoT). Thus, the JSON API will be supported until there is a comparable standard for webapp-friendly DoH.

Advertisement. Scroll to continue reading.

Developers looking to leverage Google’s DoH service should configure their applications to use the new DoH endpoints, as well as to properly handle HTTP 4xx error and 3xx redirection status codes.

Developers should set apps to use instead of and should switch to the new /dns-query URL path and confirm full RFC 8484 compliance. Those using the JSON API can employ two new GET parameters for DNS/DoH proxies or DNSSEC-aware applications.

In 30 days, Google will turn down the /experimental API and HTTP requests for it will get an HTTP redirect to an equivalent URI. Thus, developers should ensure DoH applications handle HTTP redirects by retrying at the URI specified in the Location header.

The will be taken down in three stages, Google also explains.

Within 45 days, the domain name will be updated to return and other Google Public DNS anycast addresses, but will continue to return DNS responses to queries sent to former addresses of 

In 90 days, the company will return HTTP redirects to for queries sent to former addresses of Finally, in 12 months, HTTP redirects will be sent to for all queries sent to the anycast addresses using the domain.

The Internet giant says it will post timelines for redirections on the public‑dns‑announce forum and on the DoH migration page. The company also published DoH documentation containing required technical details. 

Related: Mozilla Testing DNS-over-HTTPS in Firefox

Related: Cloudflare Launches Free Secure DNS Service

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...