
DoH! What’s all the fuss about DNS over HTTPS?

Robbie Grue
Updated — June 30, 2020 • 4 minute read

Cisco Umbrella now supports DoH

Not all DNS services are created equal. Some break. Some fail to connect to domain servers. Speeds can vary, and if not kept up-to-date, some DNS services can affect the ability to work efficiently. But with more than a decade of leadership in recursive DNS services (13+ years and counting!), Cisco Umbrella boasts significant advantages when it comes to understanding how both legitimate and non-legitimate parties register domains, provision infrastructure, and route internet traffic.

Back in the old days when we were known as OpenDNS, we started with the mission to deliver the most reliable, safest, smartest, and fastest DNS resolution in the world. It was a pretty tall order, but we did it — and we’re still doing it today under our new name, Cisco Umbrella. (Here’s one for the trivia champions: OpenDNS was acquired by Cisco on August 27, 2015.)

In fact, TechRadar Pro recognized us as having the best free and public DNS server for 2020. You don’t have to take our word for it — check it out here. But just because we’re the best doesn’t mean we’ll stop innovating.

We recently announced support for DNS over HTTPS, commonly referred to as DoH, a standard published by the Internet Engineering Task Force (IETF). Cisco Umbrella offers DNS resolution over an HTTPS endpoint as part of our home and enterprise customer DNS services. Users may now choose to use the DoH endpoint instead of sending DNS queries over plaintext for increased security and privacy. DoH can increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks. In addition, when DoH is enabled, it ensures that your ISP can’t collect personal information related to your browsing history. It can often improve performance, too.

How does it work?

DoH works just like a normal DNS request, except that it uses Transmission Control Protocol (TCP) to transmit and receive queries. Both a normal DNS request and a DoH request take a domain name that a user types into their browser and send a query to a DNS server to learn the numerical IP address of the web server hosting that site. The key difference is that DoH takes the DNS query and sends it to a DoH-compatible DNS server (resolver) via an encrypted HTTPS connection on port 443, rather than in plaintext on port 53. DoH prevents third-party observers from sniffing traffic and understanding what DNS queries users have run or what websites users are intending to access. Since the DoH (DNS) request is encrypted, it’s even invisible to cybersecurity software that relies on passive DNS monitoring to block requests to known malicious domains.

DoH is a choice, not a requirement

So what’s all the fuss about DoH? It all comes down to user privacy. And since privacy is a hot topic, it will continue to be blogged and chatted about wildly. To block or not to block DoH is a personal choice. Mozilla blazed the trail with the Firefox browser, but other vendors like Microsoft and Google recently announced plans to add support for DoH in future releases of Windows and Chrome. Mozilla started enabling DoH by default in version 69 of Firefox, and started rolling it out gradually in September 2019. Cisco Umbrella supports Mozilla’s ‘use-application-dns.net’ canary domain, meaning that Firefox will disable DoH for users of Cisco Umbrella.

Because DoH is configured within the application, the DNS servers configured by the operating system are not used. This means that the protection provided by Cisco Umbrella may be bypassed by applications using DoH. But don’t worry… you can block this feature easily with Umbrella, too. Most of our enterprise customers choose not to utilize DoH. It isn’t right for everyone.

Protect your Umbrella settings

Our team at Cisco Umbrella recommends that companies use enterprise policies to manage DoH on endpoints they control. For detailed help on how to proceed, check out this helpful article, GPO and DoH.

To block DoH providers and keep your Umbrella deployment settings, follow these simple steps:

1. Navigate to Policies > Content Categories.

2. Select your in-use category setting.

3. Ensure that “Proxy/Anonymizer” is selected.

Figure: Example of settings to block DNS over HTTPS (DoH) providers

4. Save.

Your users will now remain covered by Umbrella as Firefox gradually rolls out this change to their users.

How to disable DoH in Firefox

Firefox allows users (via settings) and organizations (via enterprise policies and a canary domain lookup) to disable DoH when it interferes with a preferred policy. For existing Firefox users who are based in the United States, the notification below will display if and when DoH is first enabled, allowing the user to choose not to use DoH and instead continue using their default OS DNS resolver.

Figure: Example of a Mozilla warning regarding DNS over HTTPS (DoH)
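The canary domain lookup mentioned here and in the earlier paragraph on ‘use-application-dns.net’ can be checked from the resolver's answer. The following added example (not from the original post) applies the rule Mozilla documents for the canary: a response code other than NOERROR, or a NOERROR response with no A or AAAA records, tells Firefox not to enable DoH by default. The sample responses are constructed for illustration, and the function names are assumptions.

```python
import struct

CANARY = "use-application-dns.net"
A, AAAA = 1, 28

def skip_name(msg: bytes, pos: int) -> int:
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:       # compression pointer: two bytes, ends the name
            return pos + 2
        pos += 1 + length

def canary_disables_doh(response: bytes) -> bool:
    """True if this answer to the canary lookup signals 'do not enable DoH'."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if flags & 0x000F != 0:             # any RCODE other than NOERROR (NXDOMAIN, SERVFAIL, ...)
        return True
    pos = 12
    for _ in range(qd):                 # skip the question section
        pos = skip_name(response, pos) + 4
    for _ in range(an):                 # look for at least one A or AAAA record
        pos = skip_name(response, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", response[pos:pos + 10])
        if rtype in (A, AAAA):
            return False
        pos += 10 + rdlen
    return True                         # NOERROR but no address records

def sample_response(rcode: int, with_a_record: bool) -> bytes:
    """Constructed test response for the canary name (not captured traffic)."""
    header = struct.pack("!HHHHHH", 0, 0x8180 | rcode, 1, int(with_a_record), 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in CANARY.split(".")) + b"\x00"
    question = qname + struct.pack("!HH", A, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", A, 1, 60, 4) + bytes([192, 0, 2, 1])
    return header + question + (answer if with_a_record else b"")

if __name__ == "__main__":
    print(canary_disables_doh(sample_response(3, False)))  # NXDOMAIN
    print(canary_disables_doh(sample_response(0, True)))   # NOERROR with an A record
```

Running the same check against the answer your own resolver returns for the canary name confirms whether endpoints behind it receive the signal.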

Reliable, effective protection with Cisco Umbrella

Cisco Umbrella is the leading provider of network security and DNS services, enabling the world to connect to the internet with confidence on any device. When connecting directly to the internet, organizations need security that is incredibly reliable and eliminates performance problems for end users. Umbrella is built upon a global cloud infrastructure that has delivered 100% uptime since 2006, and we provide automated failover for simplified deployment and management. By leveraging our extensive peering relationships with the top internet service providers (ISPs), content delivery networks (CDNs), and SaaS platforms, such as O365, Umbrella optimizes the routes between core networks and our cloud hubs, providing superior performance and user satisfaction.

Umbrella’s support for DoH is just another demonstration of our commitment to delivering the best, most reliable, and fastest internet experience to more than 100 million enterprise and consumer users (and counting).

For more information on DoH, visit our knowledge base.
