DNS Over HTTPS and Politics Will Resolution Policy Bypass Registrars

The introduction of DNS over HTTPS, commonly known as DoH, has generated intense debate not only in technical circles but also in the realms of governance, business, and geopolitics. At its core, DoH is a technical innovation designed to enhance privacy and security by encrypting DNS queries, the lookups that translate human-readable domain names into IP addresses. Traditionally, DNS requests have been transmitted in plaintext, making them visible to internet service providers, governments, and anyone capable of intercepting traffic. By shifting DNS queries into an encrypted channel, DoH aims to prevent surveillance, manipulation, or censorship at this fundamental layer of the internet. Yet this promise of privacy carries with it a political undertone, because by changing who controls or mediates resolution, DoH also has the potential to bypass the policies and enforcement roles traditionally tied to registrars and registries. For domain investors, policymakers, and governance advocates alike, this raises pressing questions about whether DoH signals a future in which registrars’ role in shaping resolution policy becomes diminished or even obsolete.

To appreciate the stakes, it is important to understand how registrars and registries currently function in the DNS ecosystem. Registrars sell and manage domain names on behalf of registrants, while registries maintain the authoritative databases for top-level domains such as .com, .org, or country-code extensions. Together, these institutions form part of the infrastructure that ensures domain names resolve reliably and consistently worldwide. More importantly, registrars and registries are bound by contractual obligations with ICANN or local governments, which often include provisions related to abuse mitigation, accuracy of registrant data, and, in some cases, compliance with court orders or law enforcement directives. When a government wants to suspend a domain used for illegal activity, it usually goes through registrars or registries, leveraging their central role in the DNS hierarchy.

DoH complicates this picture by changing where DNS resolution takes place and who controls it. In the conventional model, DNS resolution is handled by resolvers provided by ISPs or local network operators. These resolvers follow the authoritative chain from root servers down to registries and registrars to retrieve the necessary records. Under DoH, however, queries can be redirected to remote resolvers operated by third parties such as Google, Cloudflare, or Mozilla’s chosen partners. The user’s system bypasses the local resolver entirely, sending encrypted queries to a remote endpoint that handles resolution. This change shifts power away from ISPs and local operators and toward whichever global companies operate the trusted DoH resolvers. As adoption spreads, the question arises: if users and applications increasingly rely on centralized DoH providers, could registrar and registry policies on resolution enforcement be rendered less relevant?

Governments have been quick to grasp the political implications of this shift. In countries that rely on ISPs to implement filtering or censorship, DoH poses a direct challenge. If users configure their browsers to send DNS requests to a remote DoH provider, local filtering mechanisms lose visibility and control. For example, a government order instructing ISPs to block access to certain domains may become ineffective if those queries no longer pass through the ISP’s resolver. From the perspective of policymakers, this undermines the enforcement role that registrars and registries play, since the final point of control may shift toward large DoH operators outside national jurisdiction. A French court order against a registrar to suspend a domain might achieve little if the site remains resolvable through global DoH providers until the registry itself intervenes. The locus of enforcement thus drifts away from registrars, threatening their function as gatekeepers in domain policy.

For registrars, this shift is concerning because it strikes at their business model as well as their regulatory importance. Registrars have long been intermediaries balancing the interests of registrants, ICANN, governments, and the public. Their compliance with policies on WHOIS accuracy, DNS abuse, and takedown requests is one of the reasons they hold a central role in internet governance. But if resolution control migrates to large global DoH providers, registrars may find themselves reduced to sellers of names without effective influence over resolution policy. In such a scenario, their role in enforcing legal or regulatory measures could diminish, while DoH providers assume de facto responsibility for deciding whether to honor or reject requests to block domains.

This outcome is not merely hypothetical. The rollout of DoH has already shown how political and business decisions become intertwined with technical standards. When Mozilla announced that Firefox would default to DoH using Cloudflare in the United States, critics raised alarms about centralization and jurisdictional influence. Instead of thousands of ISPs handling resolution, a single U.S.-based company became the default resolver for millions of users. This centralization places enormous policy power in the hands of a private entity, one that is not contractually bound by ICANN’s registrar agreements or national telecom regulations. If Cloudflare or Google decide to interpret abuse or censorship policies in a particular way, their choices could override the policies set by registrars, governments, or even courts outside their home jurisdictions.

The consequences for domain investors are far-reaching. The value of domains has always depended on the assurance that they will resolve consistently and predictably across the global internet. If DoH adoption fragments resolution, with different providers implementing varying policies on which domains to resolve, then the stability of domain ownership comes into question. An investor holding a valuable domain may find it resolvable through one provider but blocked by another, depending on whether the provider honors takedown requests or aligns with certain regulatory regimes. This undermines the universality of the DNS, turning what was once a globally consistent system into a patchwork defined by the political or business choices of a handful of DoH operators. For investors who value liquidity and predictability, this represents a new dimension of risk that is harder to hedge against.

Geopolitical tensions further amplify this risk. The European Union, which has taken a proactive stance on digital sovereignty, has expressed concerns about reliance on U.S.-based DoH providers, fearing a loss of regulatory oversight. China, with its longstanding system of DNS filtering and control, views DoH as a direct threat to its Great Firewall and has already moved to block or restrict DoH traffic. Russia has similarly indicated discomfort with encrypted DNS that circumvents state control. In each case, the political response has been to push for local or state-approved DoH resolvers, fragmenting the ecosystem further. If this trajectory continues, domain resolution may become politicized along national lines, undermining the global character of the DNS. Registrars, caught in the middle, may lose relevance as governments and large tech companies battle for control over the resolution layer.

For domain governance as a whole, the rise of DoH raises existential questions. ICANN has traditionally overseen registries and registrars, ensuring accountability through contractual obligations and community-driven policy development. But DoH resolvers are not part of this governance structure. They operate under different incentives, often prioritizing user privacy or corporate policy over global coordination. This creates a governance vacuum: if enforcement bypasses registrars, then who ensures consistency, fairness, and transparency in resolution policy? Will DoH providers be compelled by governments to adopt censorship lists, and if so, will those lists differ across jurisdictions? Or will they resist and create conflicts with local laws, exposing users and investors to uncertainty?

In this evolving landscape, registrars face a difficult choice. They can attempt to reassert their relevance by partnering with or becoming DoH providers themselves, aligning their role in name registration with resolution control. Some registrars and registries have already begun experimenting with integrated privacy-focused DNS services, hoping to retain influence over resolution policy. Alternatively, they can focus narrowly on being sellers of names, ceding the enforcement and governance role to DoH operators. Both paths carry risks. The first may draw registrars into direct conflict with governments that distrust encrypted DNS, while the second may relegate them to commodity status, weakening their market power and influence.

Ultimately, the politics of DoH highlight the fragility of the assumptions underpinning the domain industry. For decades, registrars and registries were central to resolution policy, ensuring that domain names carried stable, enforceable rights. DoH challenges that centrality by moving control to a new layer, one dominated by large global tech firms and contested by national governments. Whether resolution policy will truly bypass registrars depends on how regulators respond, how quickly DoH adoption scales, and whether industry players can adapt to the shifting balance of power. For investors, the key takeaway is that the universality and neutrality of DNS resolution can no longer be taken for granted. In a future where politics and encryption intersect, the fate of a domain may depend less on ICANN contracts or registrar rules and more on the policies of whichever DoH resolver the end user’s browser happens to trust.

The introduction of DNS over HTTPS, commonly known as DoH, has generated intense debate not only in technical circles but also in the realms of governance, business, and geopolitics. At its core, DoH is a technical innovation designed to enhance privacy and security by encrypting DNS queries, the lookups that translate human-readable domain names into…

Leave a Reply

Your email address will not be published. Required fields are marked *