Chrome to Encrypt DNS Lookups: What it Means

John Lister's picture

Google is increasing privacy on Chrome with a change to the way it connects users to websites. But businesses will be able to disable the move so they can keep tabs on staff.

The change is to the way Chrome connects with Domain Name Servers (DNS), which act a little like a telephone directory for the Internet. A DNS takes a website address that a user types into their browser and finds the matching IP address, which identifies the specific connection to the device such as a server (or service) that physically stores the website's files.

In the past, the connection between Chrome and a DNS was not encrypted, even when the website the user wanted to visit uses a secure, encrypted connection. That means somebody who intercepted the query to the DNS could figure out what sites a user had visited.

The consequences of that could range from embarrassment for people visiting unconventional sites to political consequences for people living under oppressive governments - for example, if they visited sites opposed to the government in question.

Parental Control 'Compromised'

Now Google will encrypt the connections to DNS queries. It follows the lead of Mozilla's Firefox which made the same change in February, though will affect considerably more users.

The change is controversial among people who believe they have a legitimate reason to access DNS queries. These include businesses that want to block access to particular websites among staff using office computers. (Source:

Others concerned about the move include makers of parental control software and Internet service providers that are required by law in some countries to block access to sites associated with copyright infringement and other illegal activity.

Phishing Scams Could Be Limited

Google says it will allow corporate network administrators to disable the encryption across their system. Users can also choose to disable the change in the Google settings menu.

The encryption isn't just about privacy. Google also says it will reduce the risk of somebody intercepting a DNS query and sending a fake reply to the user's computer. This meant it could allow scammers or hackers to direct the user to a look-alike site and try to trick the user into typing in a password or other sensitive data. (Source:

What's Your Opinion?

Is Google right to make this change? Do you think any of the reasons somebody might want to access DNS queries are legitimate? Has Google struck the right balance by making the encryption optional but on by default?

Rate this article: 
Average: 5 (12 votes)


ronangel1's picture

Proxy comes straight to mind.Even if company you work for can see dns cant see where it goes from there.So pointless for people with tec know how,but useful for banking and the like.

buzzallnight's picture

But no hackers will ever be able to figure out how to do this, right LOL!!!!!!!!!!!!
Ooops, they already did and it is not even out yet!!!!!!!!!