DNS over HTTPS: things to consider when you go “private”
How privacy, security, and smart network controls work together, and how Epis Technology helps businesses use them the right way.
In the last few years, DNS over HTTPS (DoH) has been one of the most talked-about internet privacy tools. After Google made DoH widely available and Mozilla rolled it out in Firefox, it has gotten both praise and criticism from security experts, ISPs, and IT decision-makers.
Why? DoH greatly improves privacy, but it also breaks long-standing DNS-based security practices. That double effect means that homes and businesses need to carefully think about DoH before turning it on across their networks.
Epis Technology focuses on safe, Synology-based network deployments, so we always tell our clients that a good DoH deployment strategy is very important. Below, we’ll talk about how DoH works, what its pros and cons are, and how Synology Router Manager (SRM) helps you find the right balance, especially when used with Epis Technology’s knowledge.
DoH: A Big Step Toward Private Browsing
Most websites already use HTTPS encryption, but DNS requests, which are the lookups that turn a domain name into an IP address, are usually sent in plain text. This means that ISPs, routers along the way, or bad actors can see exactly what websites a user goes to.
DoH fixes this by carrying DNS queries inside HTTPS traffic, so anyone observing the path between the client and the resolver cannot read them. Only the DoH client (like a browser) and the DoH server provider you choose can see the request.
This gives:
- Protection against DNS hijacking
- Protection from tracking at the ISP level
- More privacy against profiling by third parties
But it also takes away the visibility that tools relying on DNS inspection need, which creates a conflict between privacy and security controls.
Why Some ISPs Don’t Like DoH
A lot of ISPs depend on DNS visibility for:
- Legal requirements for logging traffic
- Parental control products that use DNS
- Services that filter out malware
These features stop working if DNS traffic is encrypted all the way through.
But it’s not just ISPs that lose visibility; firewalls, parental control devices, and home security gateways that use DNS-based content filtering do too. This makes it hard for homes and businesses that want both privacy and smart threat filtering.
The Problem: Device-Level DoH Is Hard
DoH is supported by some browsers, like Firefox and Chrome, but not by most operating systems or IoT devices. Turning on DoH usually requires:
- Command-line setup
- Separate configuration on each device
- Manual updates and maintenance
That level of configuration is not practical for businesses.
This is where Synology Router Manager (SRM) and Epis Technology’s deployment strategy come in. They make things a lot easier.
DoH at the Router Level: The Best of Both Worlds
With SRM 1.2.3, Synology added native DoH support, which lets every device on the network use encrypted DNS without any problems.
One Setting: Encryption for the Whole Network
Administrators can choose a DoH provider, like Google or Cloudflare, through SRM’s network settings. With one action, all DNS queries leaving the network are encrypted. No need to change settings on each device.
DNS Filtering Is Still Working
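Because DNS is encrypted only on the way out of the router, queries from devices inside the network still reach the router in plain text, so SRM’s built-in tools for Safe Access, Threat Prevention, and parental controls can still inspect and filter them. This holds for devices that use the router as their DNS server; a browser or device running its own DoH client sends its lookups past this inspection.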
This means:
- Parents still have control over blocked categories
- Businesses keep using DNS-based threat detection
- Users get full privacy from snooping by their ISPs
Instead of making you choose between privacy and protection, SRM combines the two.
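The flow described above (filter on the plaintext query inside the network, then encrypt on the way out) as an added Python example; it is not Synology's code. The resolver URL `doh.example`, the blocklist, and the function names are assumptions made up for illustration; the request encoding follows RFC 8484.

```python
import base64
import struct

# Assumptions (constructed for this example, not SRM settings or code):
DOH_URL = "https://doh.example/dns-query"  # placeholder resolver endpoint
BLOCKLIST = {"malware.test", "ads.test"}   # constructed blocked domains


def build_query(name: str, qtype: int = 1) -> bytes:
    """Encode a one-question DNS query (qtype 1 = A) in wire format."""
    # ID 0 as RFC 8484 suggests for cache-friendliness; 0x0100 = recursion desired.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii")
        for part in name.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def parse_qname(wire: bytes) -> str:
    """Read the question name from a plaintext query, as the filter sees it."""
    pos, labels = 12, []  # the question section starts after the 12-byte header
    while True:
        if pos >= len(wire) or wire[pos] > 63 or pos + 1 + wire[pos] > len(wire):
            raise ValueError("truncated or malformed question name")
        length = wire[pos]
        if length == 0:
            return ".".join(labels)
        labels.append(wire[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length


def is_blocked(name: str) -> bool:
    """Match the name or any of its parent domains against the blocklist."""
    parts = name.split(".")
    return any(".".join(parts[i:]) in BLOCKLIST for i in range(len(parts)))


def route(wire: bytes) -> tuple:
    """Filter on the plaintext LAN query, then wrap it for the DoH upstream."""
    name = parse_qname(wire)
    if is_blocked(name):
        return ("block", name)  # handled locally, never leaves the network
    # RFC 8484 GET: the DNS message travels as base64url (unpadded) inside HTTPS.
    dns_param = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return ("forward", f"{DOH_URL}?dns={dns_param}")
```

Once the query is in the `dns=` parameter of an HTTPS request, an observer past the router sees only a TLS connection to the resolver, which is why the filtering decision has to be made before this step.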
How Epis Technology Helps You Set Up DoH the Right Way
Epis Technology helps businesses and homes use DoH as part of a larger security plan powered by Synology.
We offer the following services:
• Set up a secure router and deploy DoH
We set up Synology Routers to protect your privacy as much as possible while keeping important DNS-based security controls in place.
• Design for Zero-Trust DNS and Content Filtering
SRM’s smart architecture helps businesses keep advanced filtering, logging, and monitoring going, even with encrypted DNS.
• Compatibility with DoH and IoT Network Segmentation
Encrypted DNS can make IoT devices act in ways that are hard to predict. Epis Technology makes sure that everything works together smoothly by using VLANs, firewall rules, and hybrid DNS settings.
• Integration of Threat Prevention
We use Synology’s IDS/IPS-powered Threat Prevention to make sure that encrypted traffic doesn’t go unnoticed.
Synology’s new features make DoH easier to use, but a professional setup makes sure you get the benefits of encryption without losing visibility, compliance readiness, or security control.
A smarter, safer way to get private DNS
DNS over HTTPS is a big change for privacy on the internet. DoH can break parental controls, security layers, and monitoring policies when set up through device-level tools. But when done at the router level, especially with Synology SRM, both businesses and home users can have privacy and security.
Epis Technology helps families and businesses safely, quickly, and strategically adopt DoH. This way, your network can use the latest privacy technology without losing the important security features that keep systems safe.