DNS over HTTPS – What Schools Need to Know about Web Filtering with DoH

Recently, Mozilla announced its plans to implement the DNS-over-HTTPS (DoH) protocol by default in the Firefox browser starting in late September. Soon after, Google announced its intention to do the same for the Chrome browser. The implications for web filtering and schools could be big. Learn what DoH means for schools that need to filter traffic and protect students.

What is DoH?

DoH stands for DNS Over HTTPS. DNS stands for Domain Name System; it’s the system for matching the domain name of a site (like www.something.com) to its IP addresses that makes it easy to browse the web and get to your favorite sites. Historically all of that has happened via an unencrypted DNS connection. As the name DNS over HTTPs implies, DoH takes DNS and shifts it to a secure, encrypted HTTPs connection.

Why DoH?

Mozilla and Google are making these changes to bring the security and privacy benefits of HTTPS to DNS traffic. All those warnings about the security risks of public WiFi? With DoH, you’re protected against other WiFi users seeing what websites you visit because your activity would be encrypted. DoH can also add protection against spoofing and pharming attacks and can prevent your network service providers from seeing your web activity.

What Does DoH Mean for Schools?

DoH prevents network services from seeing web traffic – but seeing web traffic is something schools rely on for web filtering and reporting. Much like Google’s move to encrypted search and other services years ago, while this can bring greater privacy and security to many users, it can also have big, negative implications for schools. Schools rely on the ability to see student traffic to provide essential services like filtering, monitoring, and reporting on school-owned devices.

When Does DoH Take Effect?

Firefox has already started to gradually shift to DOH. Chrome is expected to start shifting some traffic by the end of the year.

Does this Impact Your School?

If you rely on DNS filtering, you may be affected: without proper preparation or solutions, traffic won’t be able to be reliably blocked and your filtering may be ineffective. For our Lightspeed Systems customers, we have you covered.

Why Lightspeed Systems is DoH-Ready?

If you’re using Lightspeed Filter™, you’ll be ready for DoH because our Smart Agents™ are installed on the device to provide the most granular, decrypted filtering; they don’t use DNS.
Our Lightspeed Rocket™ (for BYOD and IoT traffic) uses DNS, but we’ve prepared our technology for DNS over HTTPS and the Rocket will block the DoH domains so traffic is forced back to standard DNS where it can be seen, filtered, and reported.
Inline Rocket Web Filter customers will also be able to filter traffic across DoH.

What Other Web Filter Users Should Do:

If you’re not using Lightspeed Systems solutions, make sure that you will be able to effectively filter all traffic even with these shifts to DoH.

  • If you’re using a different DNS Filter, or a DNS feature of other cloud-based filters, reach out to your provider to discuss if you’ll be able to ensure ongoing filtering with DoH.
  • If you’re using an inline filter, you will be able to effectively filter over DoH (but you may be missing out on other benefits a cloud solution can provide).


Recommended Content

Lightspeed Learning Lab

Lightspeed Learning Lab - Edtech Best Practices for a Smooth Return to School

View Resource

You May Also Like

screenshots on desktop and mobile devices for distance learning software

Here's a demo, on us

Still doing your research?
Let us help! Schedule a free demo with one of our product experts to get all of your questions answered quickly.

man sitting at desk on laptop looking at Lightspeed Filter dashboard

Welcome back!

Looking for pricing information for our solutions?
Let us know about your district’s requirements and we’ll be happy to build a custom quote.

Reimagine the inspired and interactive classroom for remote, hybrid, and in-person learning. Lightspeed Classroom Management™ gives teachers real-time visibility and control of their students’ digital workspaces and online activity.

  • Ensure all students interact with only the right online curriculum — precisely when they’re supposed to use it.
  • Push out vetted curriculum links to all students at the same time.
  • Block inappropriate or distracting web sites and apps.

Ensure scalable & efficient learning device management. The Lightspeed Mobile Device Management™ system ensures safe and secure management of student learning resources with real-time visibility and reporting essential for effective distance learning.

  • A centralized, cloud-based solution for infinitely scalable device, application, and policy controls
  • Self-Service App Library, where teachers and students
    can access and install approved curriculum and learning tools
  • Remotely deploy, change, and revoke hundreds of policies and educational applications, while reducing typical downtime and costs

Prevent suicides, cyberbullying, and schoolviolence. Lightspeed Alert™ supports district administrators and selected personnel with advanced AI to detect and report potential threats before it’s too late.

  • Human review
  • Real-time alerts that flag signs of a potential threat
  • Intervene quickly before an incident occurs.
  • Activity logs provide visibility into online activity before and after a flagged event

Protect students from harmful online content. Lightspeed Filter™ is the best-in-class solution that acts as a solid barrier to inappropriate or illicit online content to ensure students’ online safety 24/7.

  • Powered by the most comprehensive database in the industry built through 20 years of web indexing and machine learning.
  • Ensure CIPA compliance
  • Block millions of inappropriate, harmful, and unknown sites, images, and video including YouTube
  • Keep parents informed with the Lightspeed Parent Portal™

Gain complete visibility into students’ online learning. Lightspeed Analytics™ gives districts robust data on the effectiveness of any tools they implement so they can take a strategic approach to their technology stack and streamline reporting.

  • Track education technology adoption and usage trends, eliminate redundancy, and drive ROI
  • Monitor app and content consumption to facilitate early adoption and effective utilization
  • Assess risk with visibility into student data privacy and security compliance