Improve Privacy and Security

Enforce and ensure the integrity and authenticity of DNS data


Encrypt the traffic between your browser and your DNS resolver with DoH.

TCPWave, a leading DNS solution provider, has added support for DNS over HTTPS (DoH) to enhance privacy protection for its users. Traditional DNS design had limited security features, and while DNSSEC improved some aspects, it still had limitations, such as a lack of traffic encryption and a resource-intensive validation process.

Tailored for Enterprise Needs

Tailored for Enterprise Needs

  • By addressing unique DNS settings and offering enhanced visibility into browser-based DNS queries, we provide organizations with a balanced solution.
Proactive Threat Detection

Proactive Threat Detection

  • TCPWave's incorporation of machine learning and artificial intelligence into its threat intelligence empowers businesses to detect and respond to data exfiltration attempts.

Enhanced Security

  • With DoH, communication between DNS clients and servers is encrypted, making it more difficult for malicious actors to intercept or alter DNS data.

Lower Total Cost of Ownership (TCO)

  • With the adoption of cutting-edge IETF standards like DoH, TCPWave positions itself as a progressive DNS solution provider, standing alongside other major DNS providers.
Navigating the New IETF Standards

To address these issues, the IETF introduced new standards, including DNS over HTTPS (DoH) in RFC8484. DoH encrypts communication between DNS clients and servers and operates over HTTPS, providing increased privacy. However, it is not meant for server-to-server communication. While DoH offers benefits like encryption and HTTPS utilization, it also raises concerns about privacy, HTTPS dependency, and unique DNS settings in corporate environments.

Mitigating Security Risks in Corporate Network

Malicious DoH clients within a corporate network can create security risks, as IT teams lose visibility into DNS queries made by web browsers over HTTPS. One drawback of DoH's application layer operation is that browser traffic could bypass enterprise DNS controls, potentially hampering the support team's ability to maintain network performance, security, scale, and reliability. To address these issues, TCPWave threat intelligence uses machine learning and artificial intelligence to detect data exfiltration.


Major DNS service providers like Google DNS, and CloudFlare have incorporated DoH into their public offerings. Using a DoH-enabled web browser provides an additional layer of security between users and service providers. Nevertheless, communication between the service provider and the rest of the internet might still be unsecured. By supporting DNS over HTTPS (DoH), TCPWave aims to provide users with enhanced security and privacy in DNS communication, ultimately promoting a safer internet for communication and data exchange.