Also known as DoH, Domain Name System over Hypertext Transfer Protocol Secure
protocol to run DNS queries over HTTPS

JSON API for DNS over HTTPS (DoH) | Public DNS | Google for Developers
developers.google.com →JSON API for DNS over HTTPS (DoH) Stay organized with collections Save and categorize content based on your preferences. Google Public DNS offers a web-friendly API for DNS-over-HTTPS (DoH) with DNSSEC validation, eliminating the need for browser extensions. Responses are provided in JSON format, containing details like DNS status, answer records, and optional DNSSEC information. The API supports various DNS record types and features such as EDNS Client Subnet for location-aware queries and DNSSEC validation for enhanced security. For detailed information on DoH, secure transports, and privacy practices, refer to the provided documentation links. Since 2016, Google Public DNS has offered a web-friendly API for DoH with DNSSEC validation that does not require browser or OS configuration or extensions. Simple GET query parameters and JSON responses allow clients to parse the results using common web APIs and avoid complex DNS message format details like pointer compression for domain names . See the general DoH documentation page for information about DoH generally, such as HTTP headers, redirect handling, privacy best practices, and HTTP status codes. The Secure Transports page has curl command line examples for DoH, and information common to DoH and DNS over TLS (DoT), such as TLS support and DNS truncation. All API calls are HTTP GET requests. In the case of duplicate parameters, only the first value is used. Desired content type option. Use ct=application/dns-message to receive a binary DNS message in the response HTTP body instead of JSON text. Use ct=application/x-javascript to explicitly request JSON text. Other content type values are ignored and default JSON content is returned. Applications should always handle (and ignore, if necessary) any DNSSEC records in JSON responses as other implementations may always include them, and we may change the default behavior for JSON responses in the future. (Binary DNS message responses always respect the value of the DO flag.) If you are using DNS-over-HTTPS because of privacy concerns, and do not want any part of your IP address to be sent to authoritative name servers for geographic location accuracy, use edns client subnet=0.0.0.0/0 . Google Public DNS normally sends approximate network information (usually zeroing out the last part of your IPv4 address). API clients concerned about possible side-channel privacy attacks using the packet sizes of HTTPS GET requests can use this to make all requests exactly the same size by padding requests with random data. To prevent misinterpretation of the URL, restrict the padding characters to the unreserved URL characters : upper- and lower-case letters, digits, hyphen, period, underscore and tilde. See RFC 7871 (EDNS Client Subnet) for details about “scope prefix-length” and how it affects caching. All TXT records are encoded as a single JSON string including uses of longer TXT record formats such as RFC 4408 (SPF) or RFC 4871 (DKIM) . The general EDNS extension mechanism is not supported. The EDNS Client Subnet option (edns-client-subnet) is a parameter in the GET request and a top level field in the JSON response. Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.
Excerpt from a page describing this subject · 12,108 chars · not written by Vinony
via Wikidata · CC0
via Wikidata sitelinks · CC0
Discovered by embedding cosine similarity (sentence-transformers MiniLM, 384-dim).