By Joe Crowe, Janardhan Bollineni, Charlie Helfinstine, Thomas Modayil Jacob; Comcast
The domain name service (DNS) is one of the most critical internet services. It is often referred to as “the phonebook of the Internet”, meaning that the DNS facilitates a human-readable fully qualified domain name (FQDN) to be translated to a network IP address, which in turn allows networked devices to communicate to one other and provide content or needed services to allow applications to work as expected. The DNS was first introduced in 1983 by Paul Mockapetris and is one of the original Internet Standards per the IETF since 1986 (https://en.wikipedia.org/wiki/DomainNameSystem).
Since the advent of the DNS, it has been inherently insecure because DNS packets are transmitted in clear text either via the User Datagram Protocol (UDP) or the Transmission Control Protocol (TCP). There have been numerous initiatives to secure the DNS, notably DNS security extensions (DNSSEC), which encourage authoritative DNS operators to add extensions and caching DNS operators to perform validations. While this enhances security for the user, it doesn't solve the clear text request and response problems.
More recently, encrypted DNS protocols have been implemented across the Internet, including but not limited to, DNS over HTTPS (DoH), DNS over TLS (DoT), DNSCrypt, and in the near future DNS over QUIC (DoQ). Comcast is one of the first major ISPs to provide DoH and DoT to their customers and has also become a trusted recursive resolver with Mozilla’s browser Firefox.