DNS over HTTPS, often shortened to DoH, is a method of performing DNS lookups through an encrypted HTTPS connection instead of sending them in plain text. It hides which domains a device is looking up from anyone monitoring the network.
Normally, a device sends DNS queries in plain text to a DNS resolver, which means anyone watching the network traffic, including an internet provider, can see which domains are being looked up. DNS over HTTPS wraps that same query inside an encrypted HTTPS connection, so the request looks like regular secure web traffic to any outside observer. The DNS resolver receives the encrypted query, decrypts it, finds the matching IP address, and sends the encrypted answer back the same way. Many modern browsers now support DNS over HTTPS by default, which changes how DNS-based blocking and monitoring can work at the network level.
Most proxy users only need to understand this well enough to debug it, not configure it directly.
USER-country-de-session-task01The username carries the config: "country-de" picks the exit, "session-task01" holds it in place while DNS over HTTPS does its work underneath. No separate API call or handshake -- the label is the setting.
Measure this metric without a proxy first, so you know what the gateway adds versus what was already there.
This concept governs the connection to the gateway and the gateway to the target -- check both when something looks wrong.
KnoxProxy manages this at the infrastructure layer, so most jobs only need to understand it well enough to debug.
A new ISP, VPN, or office network can change how this behaves -- confirm it again after any local network change.
A privacy-focused user enables DNS over HTTPS in their browser so their internet provider cannot see which websites they are looking up, even while using a proxy.
DNS over HTTPS adds a layer of privacy that complements proxy use by hiding domain lookups from network-level monitoring. It also matters for proxy configuration, since some setups need DNS to route through the proxy specifically to avoid leaking real DNS queries outside the encrypted tunnel.
Not always. Depending on the setup, DNS over HTTPS queries might bypass the proxy entirely and go directly from the browser to a DNS resolver, which can create a DNS leak if privacy through the proxy is the goal.
If DNS queries are sent outside the encrypted proxy tunnel in plain text, anyone monitoring the network can still see which domains are being visited, even if the actual browsing traffic itself is routed through the proxy.
Ready to put this into practice? Read the Docs
Start a free trial and test with real targets -- no credit card, no sales call.