
What is the difference between DNS-over-HTTPS and DNSSEC?

I was just introduced to the Domain Name System Security Extensions (DNSSEC) and it sounds very similar to the concept of DNS-over-HTTPS (DoH) and DNS-over-TLS: to add privacy and security into DNS lookups.

What are the main differences between these protocols? Do they compete/serve the same goals?


  • DNSSEC just signs answers, to check integrity and preserve DNS cache poisoning from unauthorized fake "servers". With DNSSEC, any eavesdropper can:

    DOH is DNS over HTTPS. There is:

    Advantage of DNSSEC - more quick. Advantage of DOH - more private.