Introduction
This guide helps you integrate or evaluate the DNS over HTTPS (DoH) feature of Alibaba Cloud HTTPDNS. It covers:
-
How DoH and HTTPDNS compare and when to use each
-
Steps to integrate DoH
DoH vs. HTTPDNS
DoH transmits DNS queries and responses over HTTPS, encrypting them to prevent interception or tampering. Both HTTPDNS and DoH bypass the OS local DNS resolution path through HTTP/HTTPS, reducing the risk of domain hijacking and DNS pollution. HTTPDNS supports two protocols for different scenarios:
-
HTTPDNS protocol (proprietary protocol)
-
Advantages: Lightweight, extensible, with controllable traffic flow. Supports HTTP requests, identity authentication, service scheduling, and accelerated batch resolution.
-
Disadvantages: Requires adaptation of your network library, which may change its behavior.
-
-
DoH protocol (RFC 8484)
-
Advantages: Standardized format, native support from some network libraries, and low adaptation cost. Network library behavior stays consistent with local DNS.
-
Disadvantages: No authentication mechanism and not extensible. You cannot modify the network library's DoH request or cache policy.
-
Use DoH when the client network library is closed-source and SDK integration is costly, or when the underlying Chromium-based framework (CEF, Electron, Qt WebEngine) provides a DoH configuration interface.
-
DoH does not support passing business parameters and therefore does not support custom parsing.
Integration steps
To integrate DoH into a network library:
-
Apply the configuration to a network library or framework:
-
Verify the integration: set your mobile device's Wi-Fi DNS server to an invalid address. If business requests still succeed, the integration is working.
You can also obtain IP addresses by making DoH requests directly, as described in the DoH API reference. This guide also covers Configure the DoH service, DoH API reference, and Integrate network libraries with DoH.