Oblivious DNS over HTTPS

Oblivious DNS over HTTPS (ODoH) is an emerging protocol being developed at the IETF and co-authored by engineers from Cloudflare, Apple, and Fastly. ODoH is supported by leading proxy partners, including PCCW Global, SURF, and Equinix.

The ODoH protocol is a practical approach to improving user privacy, and it aims to increase the overall adoption of encrypted DNS protocols without compromising performance or user experience on the Internet. ODoH works by adding a layer of public key encryption, as well as a network proxy, between clients and DNS over HTTPS servers. The combination of these two added elements guarantees that only the user, and not any other single entity, has access to both the DNS messages and their own IP address at the same time.
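The separation of knowledge described above can be seen in a small in-process simulation. This is an added example, not Cloudflare's ODoH code: a toy Diffie-Hellman group with a SHA-256 keystream stands in for HPKE, which RFC 9230 specifies, and the IP addresses, query name and function names are constructed for illustration.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group standing in for HPKE (RFC 9180), which real ODoH uses.
# Assumption for illustration only: these parameters are NOT a secure choice.
P, G = 2**255 - 19, 2

def keypair():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def shared_key(sk, peer_pk):
    return hashlib.sha256(pow(peer_pk, sk, P).to_bytes(32, "big")).digest()

def _stream(key, label, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + label + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, label, msg):
    # XOR with a label-bound keystream, then authenticate the ciphertext
    ct = bytes(a ^ b for a, b in zip(msg, _stream(key, label, len(msg))))
    return ct + hmac.new(key, label + ct, hashlib.sha256).digest()

def open_(key, label, blob):
    ct, tag = blob[:-32], blob[-32:]
    want = hmac.new(key, label + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, label, len(ct))))

def run_exchange(client_ip, proxy_ip, qname):
    t_sk, t_pk = keypair()                    # target's published public key
    # Client: encrypt the query to the target with a fresh ephemeral key
    c_sk, c_pk = keypair()
    k_client = shared_key(c_sk, t_pk)
    enc_query = seal(k_client, b"query", qname)
    # Proxy: learns the client's IP but handles only opaque bytes
    proxy_view = {"src_ip": client_ip, "payload": enc_query}
    # Target: can decrypt the query but sees only the proxy's IP
    k_target = shared_key(t_sk, c_pk)
    query = open_(k_target, b"query", proxy_view["payload"])
    target_view = {"src_ip": proxy_ip, "query": query}
    enc_resp = seal(k_target, b"response", b"answer for " + query)
    # The response returns via the proxy; only the client can open it
    answer = open_(k_client, b"response", enc_resp)
    return proxy_view, target_view, answer
```

The guarantee depends on the proxy and target not colluding: joining `proxy_view` with `target_view` would reunite the IP address and the query.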

We’ve made source code available, so anyone can try out ODoH or run their own ODoH service.


2021: Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS

Proceedings on Privacy Enhancing Technologies 2021, Volume 4, pp. 575–592. 2021.
Sudheesh Singanamalla, Suphanat Chunhapanya, Jonathan Hoyland, Marek Vavruša, Tanya Verma, Peter Wu, Marwan Fayed, Kurtis Heimerl, Nick Sullivan, Christopher A. Wood

2022: RFC 9230: Oblivious DNS over HTTPS

Internet Engineering Task Force (IETF). 2022.
Eric Kinnear, Patrick McManus, Tommy Pauly, Tanya Verma, Christopher A. Wood

Blog posts