South Metro Web Designs

Why Your Web Browsing Isn’t Always Secure, And What You Can Do About It, And It Involves Your DNS

DNS Network

Even though you may think your web browsing is safe from prying eyes, there’s one actor who by default can see every site you go to. That’s where DNS over HTTPS comes in.


In a previous post, I talked about what SSL is, and why you need it. But even normal SSL can’t protect you from your Internet Service Provider (ISP).

While SSL encrypts and protects your web traffic between say, you and your bank, it doesn’t prevent your ISP from seeing that you visited your bank’s website.


Every website on the internet has an address, called an “ip address”. there are two standards for ip addresses:

ip v4, introduced in the early 80s consists of a 32-bit address (012.34.567.8), which has 4,294,967,296 possible combinations. In today’s internet, that’s not enough.

ip v6, which became a standard in 2017, uses 128-bit addresses (0123:4567:89ab:cdef:0123:4567:89ab:cdef). That’s 340,282,366,920,938,463,463,374,607,431,768,211,456 possible combinations.

But we as users don’t pay attention to those addresses. Instead, we use an easier to recognize address, called a “URL” (Uniform Resource Locator) like “”.

That’s where the Domain Name Server (DNS) comes in. Basically, DNS is a huge internet phonebook (kids, ask your grandparents) that associates the URL to the ip address.

The DNS process

When you type in (or click a link) for Amazon, your browser sends that request to the nearest DNS. It resolves the URL to the ip address, and routes your request to Amazon’s web server. That’s where SSL comes in. Your browser and their server negotiates a secure key to enable an encrypted signal.

Your ISP

But first the request goes through your ISP, and since encryption hasn’t been negotiated yet, the request is basically wide open for anyone to see. This also goes for anyone snooping on you in a public Wi-Fi space, like a coffee shop).

DNS over HTTPS seeks to change that, but you might have to enable it first.


With DNS over HTTPS enabled, Domain Name Servers negotiate a secure key to encrypt your DNS request. This keeps your ISP, or any other snooper from seeing what website(s) you’re visiting.

So the signal goes unencrypted from you to the DNS, there it is encrypted and sent on its way. All your ISP sees is that you sent a request to a DNS.

Web Browsers

Only Firefox enables DNS over HTTPS by default, Chrome, Edge, Brave, and Safari have to be enabled. This post from Cloudflair (a DNS) explains how

If you’re on Android, You can enable DNS over HTTPS by going to Settings/Network & Internet/ Private DNS and set it to “automatic”.

For you folks on iPhones, it’s a little harder. This post, again from Cloudflair explains how to implement it.

Sad to say, but privacy and security is in your hands. Don’t depend on your ISP to protect your privacy.

Subscribe to Receive Future Posts

Enter your email address to subscribe to this blog and receive notifications of new posts by email.


More Posts


What Is SSL And Why Do I Need It?

SSL (Secure Sockets Layer) is an internet protocol designed to secure transactions on the web and other apps. Here I will attempt to explain what

Send Us A Message

Leave a Reply

Your email address will not be published.

Hold On!
Before you go.
Subscribe to our newsletter.

And receive a comprehensive guide to setting up and managing your
Google Business Profile

Just complete our short survey on your business.
If you've already subscribed, thank you