Global Leading Market Research Publisher QYResearch announces the release of its latest report “DNS-over-HTTPS (DoH) – Global Market Share and Ranking, Overall Sales and Demand Forecast 2026-2032”. Based on current situation and impact historical analysis (2021-2025) and forecast calculations (2026-2032), this report provides a comprehensive analysis of the global DNS-over-HTTPS (DoH) market, including market size, share, demand, industry development status, and forecasts for the next few years.
【Get a free sample PDF of this report (Including Full TOC, List of Tables & Figures, Chart)】
https://www.qyresearch.com/reports/6087665/dns-over-https–doh
1. Market Overview: Explosive Growth in Encrypted DNS Security
The global market for DNS-over-HTTPS (DoH) was valued at US$ 781 million in 2025 and is projected to surge to US$ 2.689 billion by 2032, representing a remarkable CAGR of 19.6% from 2026 to 2032.
Market Analysis Highlight: This explosive growth reflects a fundamental shift in internet security awareness. For decades, Domain Name System (DNS) queries—the “phonebook of the internet” that translates domain names (like google.com) into IP addresses—have been transmitted in plaintext, creating a critical privacy vulnerability. Every website you visit, every service you access, leaves a clear-text trail visible to internet service providers (ISPs), network administrators, hackers, and surveillance agencies. DNS-over-HTTPS (DoH) closes this gap by encrypting DNS queries within standard HTTPS traffic, making it impossible for unauthorized parties to monitor or manipulate DNS communications.
Why This Market Matters Now: According to a 2025 cybersecurity report, DNS-based attacks (including DNS spoofing, tunneling, and hijacking) increased 42% year-over-year, while consumer awareness of DNS privacy risks tripled following high-profile ISP data sale controversies. Major browsers (Chrome, Firefox, Edge, Safari) now enable DoH by default in many regions, and operating system support (Windows 11, macOS, iOS, Android) is rapidly expanding. This combination of threat landscape evolution, consumer demand, and platform adoption has created a perfect storm for DoH market growth.
2. Technology Deep-Dive: Understanding DNS-over-HTTPS (DoH)
DNS-over-HTTPS (DoH) is a security protocol that encrypts Domain Name System (DNS) queries using the HTTPS protocol. Traditional DNS requests are sent in plaintext, making them vulnerable to interception, tracking, or manipulation by third parties such as ISPs, hackers, or surveillance agencies. DoH enhances privacy and security by wrapping DNS queries within standard HTTPS traffic, making it harder for unauthorized entities to monitor or alter DNS communications.
How It Works: When a user types a website address into their browser, the device normally sends a plaintext DNS query to a recursive resolver (typically operated by the user’s ISP). With DoH, that same DNS query is encrypted using TLS (the same encryption that secures online banking and e-commerce) and sent over HTTPS to a DoH-compatible resolver. The response follows the same encrypted path. To an observer on the network, DoH traffic is indistinguishable from regular web browsing traffic.
Key Technical Characteristics: DoH offers several distinct advantages: (1) Privacy—ISPs and network eavesdroppers cannot see which websites users visit; (2) Integrity—DNS responses cannot be modified in transit (preventing DNS spoofing attacks); (3) Compatibility—uses standard HTTPS ports (443), making it difficult to block without breaking web browsing; (4) Performance—modern DoH resolvers often outperform ISP DNS servers due to optimized anycast routing.
Critical Limitations: DoH is not a complete privacy solution. While it hides DNS queries from the network, it does not encrypt the destination IP address (still visible for connection establishment) or the content of the connection (requires HTTPS separately). Additionally, DoH shifts trust from the user’s ISP to the DoH resolver provider (e.g., Cloudflare, Google, NextDNS)—a trust trade-off rather than trust elimination.
3. Key Industry Development Trends (2026-2032)
3.1 Trend 1: Browser & OS Default Adoption Driving Mass Market
The single most important driver of DoH adoption has been default enablement in major browsers and operating systems:
Browser Adoption: Mozilla Firefox enabled DoH by default for US users in 2020, expanding globally by 2022. Google Chrome followed with DoH support for users using supported resolvers. Microsoft Edge adopted DoH in 2021. According to browser usage data (2025), approximately 65% of global web traffic now originates from browsers with DoH capability enabled by default or through user opt-in.
Operating System Adoption: Windows 11 includes built-in DoH configuration (Settings > Network & Internet > DNS over HTTPS). macOS Ventura and later support DoH via configuration profiles. iOS and iPadOS 14+ support DoH for Wi-Fi networks. Android 11+ includes private DNS mode (DoT/DoH). According to a 2025 operating system market analysis, over 2.5 billion devices now have native DoH support.
Market Impact: This platform-level adoption creates a massive addressable market. QYResearch estimates that DoH query volume will grow from approximately 15% of global DNS traffic in 2025 to over 50% by 2028, representing hundreds of billions of encrypted queries daily.
3.2 Trend 2: Recursive vs. Decentralized vs. Forwarding DoH Resolvers
The market segments into three architectural approaches, each with distinct value propositions:
Recursive DoH Resolvers (Largest Segment, ~50% of market): These resolvers perform full recursive DNS resolution independently, not relying on upstream DNS servers. Examples include Cloudflare (1.1.1.1), Google (8.8.8.8), Quad9, and NextDNS. Recursive resolvers offer the highest privacy (no third-party sees the full query path) but require significant infrastructure investment.
Decentralized DoH Resolvers (Fastest-Growing Segment, 25% CAGR): These resolvers use distributed networks and blockchain-inspired architectures to avoid single points of control. Examples include deSEC, LibreOps, and community-run resolvers. Decentralized resolvers appeal to privacy advocates and users distrustful of large corporate resolvers.
Forwarding DoH Proxies (~20% of market): These services accept DoH queries and forward them to traditional DNS resolvers. They are typically deployed within corporate networks or by ISDs transitioning to DoH. Growth is slower (8% CAGR) as organizations migrate to native recursive solutions.
Other Segments: Includes DoH testing tools, enterprise DoH gateways, and DNS filtering services that layer DoH on top of content blocking.
Exclusive Industry Insight: Unlike the VPN market where thousands of providers offer undifferentiated encrypted tunnel services, the DoH resolver market is naturally concentrated due to infrastructure costs and trust requirements. Operating a global recursive DoH resolver requires anycast routing (dozens of points of presence), DDoS mitigation, and compliance with privacy regulations (GDPR, CCPA). According to QYResearch analysis, the top five DoH resolver providers (Cloudflare, Google, NextDNS, Cisco/OpenDNS, Quad9) account for over 70% of recursive DoH query volume—a concentration that privacy advocates view as a concern but investors view as a moat.
3.3 Trend 3: Enterprise & ISP Adoption Lag but Accelerating
While individual users have driven early DoH adoption through browser defaults, enterprise and ISP adoption is now accelerating:
Enterprise Adoption Challenges: Corporate IT departments initially resisted DoH because it bypasses network-level DNS filtering, monitoring, and security controls. If employees configure DoH directly, the organization loses visibility into DNS queries used for threat detection and cannot enforce content filtering policies.
Enterprise Solutions: The market has responded with enterprise DoH gateways that terminate DoH connections within the corporate network, allowing IT to inspect DNS traffic while still providing encryption between the endpoint and the gateway. Vendors including Cisco Umbrella, Zscaler, and Netskope now offer enterprise DoH solutions. According to a 2025 enterprise networking survey, 35% of large enterprises have deployed or are piloting DoH-capable DNS infrastructure.
ISP Adoption: Internet service providers face a conflicted position: DoH reduces their ability to monetize DNS query data but improves customer privacy. Some ISPs have begun operating their own DoH resolvers (e.g., Comcast, BT) to retain customer visibility. According to a 2025 ISP industry report, approximately 20% of ISPs in North America and Europe now offer DoH resolvers to customers, with adoption expected to reach 60% by 2028.
Real-World Enterprise Case (2025): A multinational financial services firm with 50,000 employees deployed an enterprise DoH gateway to encrypt DNS traffic while maintaining security controls. The firm reported: (1) Elimination of DNS spoofing attempts on employee devices, (2) 40% reduction in DNS-related help desk tickets, (3) Continued compliance with financial data protection regulations, and (4) Improved employee privacy satisfaction scores.
3.4 Trend 4: Competitive Landscape – Resolvers, Browsers, and Enterprise Gateways
The DNS-over-HTTPS (DoH) market features a multi-layered competitive landscape:
Public Recursive DoH Resolvers (Consumer & SMB): Cloudflare (1.1.1.1) leads with estimated 35-40% market share of recursive DoH queries, leveraging its global anycast network and strong privacy commitments (no logging, independent audits). Google (8.8.8.8) follows with 25-30% share, benefiting from Chrome default integration and Android Private DNS. NextDNS (15% share) differentiates through customizable filtering (ad blocking, parental controls, security threats). Cisco/OpenDNS (10% share) appeals to users wanting security filtering. CleanBrowsing, ControlD, and AdGuard focus on family-friendly filtering. Mullvad VPN, Surfshark, Privatus offer DoH as part of broader privacy suites.
Browser & OS Providers (Distribution Channels): Mozilla, Google, Microsoft, Apple control DoH enablement defaults, giving them significant influence over resolver selection. According to browser telemetry, Cloudflare and Google resolvers receive 85%+ of default DoH traffic.
Enterprise DoH Gateways (Corporate Segment): Cisco Umbrella, Zscaler Internet Access, Netskope, and iboss offer DoH termination within enterprise networks. This segment is growing at 25% CAGR as organizations balance privacy with security controls.
Open Source & Community Resolvers: deSEC (German privacy-focused), LibreOps (community-run), BlahDNS, Digitale, Snopyta serve privacy advocates willing to trust smaller operators. These resolvers have minimal market share but significant mindshare in privacy communities.
Geographic Distribution: North America leads DoH adoption (estimated 45% of global query volume), driven by browser defaults and consumer privacy awareness. Europe follows (30%), with GDPR creating additional privacy incentives. Asia-Pacific is the fastest-growing region (25% CAGR) as cloud infrastructure expands and privacy awareness increases.
4. Application Segmentation: Where DoH Delivers Value
Individual Users (Largest Segment, ~55% of market): Privacy-conscious consumers, journalists, activists, and general users who want to prevent ISPs from tracking browsing history. According to a 2025 consumer privacy survey, 62% of respondents expressed concern about ISPs selling browsing data, and 41% had taken steps to encrypt DNS traffic.
Corporate Networks (~20% of market): Enterprises deploying DoH gateways to encrypt DNS while maintaining security controls. Growth is accelerating as remote work expands corporate networks beyond traditional perimeters.
Educational Institutions (~10% of market): Schools and universities use DoH to protect student privacy while balancing content filtering requirements. Many deploy hybrid solutions: DoH for general browsing, filtered DNS for managed devices.
Internet Service Providers (~10% of market): ISPs operating their own DoH resolvers to retain customer visibility and reduce support costs. Some ISPs also resell premium DoH services (ad blocking, security filtering).
Other Applications (~5%): Government agencies, non-profits, and public Wi-Fi operators.
User Case – Individual Consumer (2025): A European journalist reported that switching from ISP DNS to Cloudflare DoH prevented their ISP from seeing which human rights organization websites they accessed—a critical privacy protection given local surveillance laws.
5. Future Outlook & Strategic Recommendations (2026-2032)
Market Drivers: Three factors will sustain 19.6% CAGR growth. First, browser and OS defaults continue expanding as Mozilla, Google, Apple, and Microsoft extend DoH enablement to additional regions and user segments. Second, DNS attack proliferation—as DNS-based attacks increase, organizations and individuals seek encrypted DNS as a basic security control. Third, regulatory pressure—GDPR in Europe and similar privacy laws in other regions encourage or mandate encryption of network metadata.
Potential Headwinds: (1) ISP resistance—some ISPs have attempted to block or bypass DoH; (2) Enterprise security concerns—DNS filtering remains important for threat detection; (3) Resolver consolidation—privacy concerns about Cloudflare and Google dominance.
For Individual Users: Enable DoH in your browser and operating system settings. Choose a resolver that aligns with your privacy preferences: Cloudflare (strong privacy, no logging), NextDNS (customizable filtering), or Quad9 (security threat blocking).
For Enterprise IT Leaders: Evaluate enterprise DoH gateways that provide encryption without compromising security controls. The traditional DNS visibility model is ending—proactively adopt DoH management tools rather than attempting to block DoH (which is increasingly difficult as browsers harden defaults).
For DoH Resolver Providers (CEOs & Product VPs): Differentiate through (1) privacy transparency (audits, logging policies), (2) performance (global anycast, low latency), (3) filtering capabilities (malware blocking, parental controls, ad blocking), (4) enterprise features (audit logs, policy controls, compliance reporting).
For Investors: The 19.6% CAGR and $2.69 billion 2032 forecast represent exceptional growth in an emerging cybersecurity sub-sector. However, the market is winner-take-most due to network effects (resolvers benefit from user scale). Target investments in (1) leading recursive resolvers (Cloudflare, NextDNS), (2) enterprise DoH gateway vendors (Cisco Umbrella, Zscaler), and (3) differentiated filtering services (CleanBrowsing, AdGuard). The consumer DoH resolver market will likely consolidate to 3-5 global providers by 2030.
6. Conclusion
The DNS-over-HTTPS (DoH) market is experiencing explosive growth, driven by browser defaults, privacy awareness, and escalating DNS-based attacks. From US$ 781 million in 2025 to US$ 2.689 billion by 2032, the market reflects a fundamental shift in internet architecture: DNS queries, long transmitted in plaintext, are finally being encrypted by default. For individual users, DoH offers protection against ISP surveillance and DNS manipulation. For enterprises, DoH requires new architectures that balance encryption with security controls. For providers, the market offers exceptional growth but winner-take-most dynamics. As browsers and operating systems continue expanding DoH defaults, encrypted DNS will become as ubiquitous as HTTPS—not a question of if, but when.
Contact Us:
If you have any queries regarding this report or if you would like further information, please contact us:
QY Research Inc.
Add: 17890 Castleton Street Suite 369 City of Industry CA 91748 United States
EN: https://www.qyresearch.com
E-mail: global@qyresearch.com
Tel: 001-626-842-1666(US)
JP: https://www.qyresearch.co.jp
