CIRA, the .ca domain name registry, will be providing DNS over HTTPS for Firefox users in Canada.
So what’s that all about?
In common with many domain name registries, CIRA has diversified over the last few years. Offering DNS based services is a logical extension for a domain name registry, as the larger ones will have built out quite a lot of technical infrastructure for their core business. Pivoting slightly to offer security services that hang off the DNS isn’t a terribly big reach, so CIRA has been rolling out services in that space over the last couple of years.
What’s this DNS over HTTPS stuff?
Over the last few years there’s been a growing interest in how DNS resolution and privacy (and security) can work together. So on a technical level there was the development of two new ways of handling lookups, namely DNS over HTTPS (DoH) and DNS over TLS (DoT). Normal DNS lookups are sent in plain text and it would be possible for a nefarious actor to garner quite a bit of information if they knew what DNS lookups a user (or device) was making. There’s been a lot written about the positive (and negative) aspects of both DoH and DoT, so I won’t go into it here.
Both Chrome and Firefox now support DoT. When the “secure DNS” service was initially launched only a very small number of providers offered the technology, so most users would have ended up using an American provider, as most ISPs hadn’t started offering their own version.
The CIRA offering will be the first country specific DoH provider to be part of Mozilla’s Trusted Recursive Resolver (TRR) Program.
More details on the CIRA site.
Leave a Reply