1

I was just introduced to the Domain Name System Security Extensions (DNSSEC) and it sounds very similar to the concept of DNS-over-HTTPS (DoH) and DNS-over-TLS: to add privacy and security into DNS lookups.

What are the main differences between these protocols? Do they compete/serve the same goals?

MakisH

1 Answer

6

DNSSEC just signs answers, to check integrity and prevent DNS cache poisoning by unauthorized fake "servers". With DNSSEC, any eavesdropper can:

  • listen to the traffic
  • understand "this is DNS"
  • watch the domain names in requests/responses.

DoH is DNS over HTTPS. With it:

  • the traffic is encrypted
  • an eavesdropper cannot tell whether this is DNS or web HTTP.
  • an eavesdropper is unable to see the contents of requests/answers.

Advantage of DNSSEC - more quick. Advantage of DOH - more private.

olegarch
  • "Advantage of DNSSEC - more quick." This makes no sense. "more quick" than what? As for "Advantage of DOH - more private.", no, this is not so clear cut; it depends on your network and who you contact as nameserver (what are its privacy policies?) – Patrick Mevzek Sep 05 '20 at 19:05
  • Great answer by olegarch, Thanks! – Antonio23249 Jun 01 '23 at 09:43
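
An added example (not part of the original answer or its comments) showing that the two mechanisms sit at different layers: the "DNSSEC OK" (DO) bit that requests signatures lives inside the DNS message, while DoH only changes how that same message is carried, so the two can be combined. The function names, the 1232-byte EDNS buffer size and the `/dns-query` path are assumptions chosen for illustration.

```python
import base64
import struct

DO_BIT = 0x8000                        # "DNSSEC OK" flag in the EDNS0 OPT TTL field
TYPE_A, TYPE_OPT, CLASS_IN = 1, 41, 1

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, dnssec_ok=True, msg_id=0):
    """Build an A query carrying one EDNS0 OPT record, optionally with DO set."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    # OPT RR: root name, type 41, class = UDP payload size,
    # TTL = extended RCODE / version / flags, RDLENGTH = 0
    ttl = DO_BIT if dnssec_ok else 0
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, ttl, 0)
    return header + question + opt

def question_end(wire):
    """Offset just past the single question section."""
    pos = 12
    while wire[pos]:
        pos += 1 + wire[pos]
    return pos + 1 + 4                 # terminating zero label + QTYPE/QCLASS

def visible_qname(wire):
    """The name an on-path observer reads from a cleartext (port 53) query."""
    labels, pos = [], 12
    while wire[pos]:
        n = wire[pos]
        labels.append(wire[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)

def wants_dnssec(wire):
    """Read the DO bit, assuming the OPT record directly follows the question."""
    pos = question_end(wire)           # OPT: name(1) type(2) class(2) ttl(4)
    return bool(struct.unpack("!I", wire[pos + 5:pos + 9])[0] & DO_BIT)

def doh_get_path(wire, path="/dns-query"):
    """DoH GET form: base64url of the same message with padding stripped."""
    return path + "?dns=" + base64.urlsafe_b64encode(wire).rstrip(b"=").decode()
```

Sent over plain UDP, the output of `build_query` exposes the name returned by `visible_qname` whether or not the DO bit is set; sent as the `doh_get_path` request inside TLS, the identical bytes, DO bit included, are hidden from the network but fully visible to the resolver.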