Skip to main content
All articles
DNS

Why DNS-over-HTTPS matters (and how Scam Lookup uses it)

Traditional DNS is plaintext and trivially tampered with. DNS-over-HTTPS encrypts the lookup — and lets any web app resolve records without a server-side helper.

July 7, 2026 5 min readBy Scam Lookup

The Domain Name System is the phonebook of the internet, and until recently it was operated exactly like a paper phonebook: shouted across the room in plaintext. Every DNS query your device made was visible to your ISP, your café's router, and anyone else on the wire. Worse, they could rewrite the answers — 'apple.com' quietly becomes something else.

DNS-over-HTTPS (DoH)

DoH does exactly what the name says: DNS queries travel inside encrypted HTTPS requests to a resolver like Cloudflare's 1.1.1.1 or Google's 8.8.8.8. Nobody in the middle can see or tamper with them. It's supported by every modern browser and by Cloudflare Workers directly.

Why Scam Lookup uses DoH exclusively

Scam Lookup runs on Cloudflare Workers. Workers can make HTTP requests but can't open raw UDP sockets, which is what traditional DNS needs. DoH is the perfect fit — every DNS lookup goes through fetch() to 1.1.1.1, with the answer coming back as JSON.

GET https://cloudflare-dns.com/dns-query?name=example.com&type=A
Accept: application/dns-json

What we look up on every scan

  • A / AAAA — the IPv4 and IPv6 addresses. Missing AAAA is fine; missing A is fatal.
  • MX — mail exchangers. Tells us whether the domain accepts email.
  • NS — authoritative name servers. Reveals hosting patterns.
  • TXT — SPF, DKIM discovery keys, verification tokens, DMARC.
#dns#doh#cloudflare#privacy
Share