Broadband ISP Andrews & Arnold (AAISP) has today announced that they’ve started a trial of both DNS over HTTPS (DoH) and DNS over TLS (DoT) services, which encrypt Domain Name System requests (i.e. the lookups that translate human-readable domains like ISPreview.co.uk into IP addresses and back again) in order to secure them in transit.
Lately DoH has been in the news a lot, not least due to Mozilla’s decision to enable the feature by default in their popular Firefox web browser (here). A number of major broadband ISPs are also deeply unhappy with this change, as it would take DNS requests out of their visibility and disrupt some of their systems (e.g. website filtering / parental controls, account management features, CDNs etc.).
Eventually ISPs will probably need to adopt DoH too, and one of the first to set up its own servers is AAISP, which interestingly has also made them available for use by non-customers (details here).
AAISP’s DoH/DoT Disclaimer
We are trialling a DNS over HTTPS (DoH) and DNS over TLS (DoT) proxy to our DNS services. If you want to encrypt your DNS lookups to our servers, you are welcome to use this, whether you are an A&A customer or not.
This is a free of charge service, and we may vary, suspend, or terminate it at any time, without notice. (In practice, as usual, we’ll try to give reasonable notice, via our status pages). We may also rate-limit or block IP addresses if the service is abused.
If you use this, it’s at your own risk, and we are not liable to you for any losses you may suffer as a result of using it.
Privacy-wise, we do not filter or log your lookups, but we do use server logs to maintain our systems and resolve problems. Here’s our privacy notice and, if you use this service, we’ll process your data as if you were a customer.
Thanks A&A
Heads above the rest as always 🙂
Not really, some ISPs – for example IDNET – have had DNS over TLS for some time, but in any case this fails to achieve that much given the ISP already has the greatest insight into your activity, so you’re guarding against minimal theoretical risk.
I’d sooner trust AAISP than EE, so I’ll be enabling this on my phone forthwith!
Also, it always starts with good intentions. If this becomes successful, you can bet they’ll get offered a cheque so large that it would be daft to say No. This is what happened to OpenDNS too.
Bloor from A&A here…
Not quite sure what we’d be offered a cheque for? Genuinely don’t understand that comment! But happy to answer it if you’re happy to provide a bit more explanation. The service we are offering is a resolving service…
Hi,
First-off, sorry for not expressing that I am glad that this service exists :).
I’m just expressing a rather cynical outlook that if this free DoH service becomes massively popular, the commercial interests that want this kind of data will come for your company with their chequebooks.
OpenDNS, for example, if you ever heard of it, was a DNS service that was meant to provide something like a “safe for kids” view of the Internet as a simple solution that users could deploy. DNS data is pretty good for analytics, so if you have a popular service, people that want to get their hands on that data will offer money for various things including a complete buyout. OpenDNS was bought out by Cisco a few years ago.
Hey!
Cool. Ok well, primarily this is aimed for our own broadband customers – by necessity it is open to the world, as of course our customers sometimes take their phones and computers off our network… so it has to be accessible to the world. But secondly, we are not logging our DNS data. So we have nothing to ‘sell’.
Finally, I am personally rather skeptical about the true value in 2019 of DNS data for analytic purposes. Bear in mind Cisco acquired OpenDNS back in ’15.
I mean, maybe resolution records have some value, but as I understand it, OpenDNS also offers things like basic DNS filtering etc, which then becomes a saleable service in its own right; genuine ‘invoiceable’ service to end users and other networks.
I think perhaps that is more of a part of the reason Cisco acquired it – the (potential) recurring revenue aspect – than the data. Again though, we do not charge for our DoH/DoT. So again, there is no recurring revenue from that service. So again, a less likely acquisition target.
I could, of course, be totally wrong!
But those are my thoughts!
Bloor
DNS data is useful for security analytics/intelligence, as well as for web businesses looking to spot the next big trend so that they can take the necessary action (adopt, acquire or challenge) before it becomes too expensive.
What are you on about, Spurple? It is a DNS service. DNS services are in general free from any ISP. I could, if I wanted, on a NON BT connection use any DNS service that BT provide. I would not want to, but could. This is no different.
“DNS data is useful for security analytics/intelligence, as well as for web businesses looking to spot the next big trend so that they can take the necessary action (adopt, acquire or challenge) before it becomes too expensive.”
As Blood from A&A already pointed out there is no DNS data. They don’t log any of it.
IMO your scepticism is misplaced with suggestions that A&A might sell out and sell users’ data.
I think you would benefit from watching RevK’s videos on the snoopers charter and the company’s history on privacy and filtering.
It’s the last ISP I would expect that from.
*Bloor, not Blood, obviously!
Sounds good to me. Thinking of signing up to the AAISP L2TP service as well. At the moment I don’t really need it but Truespeed might be coming to town and they charge too much for home office package with static IP and force you to use their crappy router. Also, could use over my Vfe cellular backup connection to overcome CGNAT limitations. Only ever heard good things about AAISP. I personally believe they are as trustworthy as you are likely to get for a domestic service. Still use a VPN for most stuff though 🙂
F
Then you are simply relying on the trustworthiness of the VPN provider.
Nice to hear! Hopefully next year they might consider offering 330/50 at the least for FTTP. The lack of such a speed choice is the only thing stopping me from going back to AAISP.
Not their prices and download limits?!
I have no problem with their quotas, especially knowing that their network isn’t intentionally being traffic shaped, congested, filtered or such. Their pricing is fine for the high quality of service. Other ISPs which claim to have ‘unlimited’ traffic limits are often not truly unlimited and still have a soft quota, or alternatively can sometimes be congested and/or traffic shaped. I’d rather pay slightly more, especially knowing what I’ll be getting and what my actual limit is.
ixel, I don’t concur. The thought of limits, and at a super premium price, belongs in the early 00s. Personally, I have Virgin 350/35 and have not once experienced significant bottlenecks or downtime, limits or otherwise. 40 a month, bargain.
Choice is a wonderful thing, what one person wants another may not. It’s a pity some people cannot comprehend that some are quite happy not to have an all you can eat buffet for every meal.