DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol.
Chrome and Firefox are now pushing DNS-over-HTTPS (DoH). Never heard of it? Well, Wikipedia describes DNS-over-HTTPS (DoH):
DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks. As of March 2018, Google and the Mozilla Foundation are testing versions of DNS over HTTPS.
Chrome and DNS over HTTPS (DoH)
Here is info on Chrome’s use of it:
Google has announced that they would soon be performing a trial of utilizing DNS-over-HTTPS (DoH) in the Google Chrome browser. This experiment will be conducted in Chrome 78 and will attempt to upgrade a user's DNS server to a corresponding DoH server, and if available, use that for DNS resolution.
And here is how to disable it in Chrome:
If users don't want to be included in the Chrome DoH experiment, they can use a DNS provider that's not on Google's list (which most of the Chrome userbase already does), or they can disable DoH support by modifying the chrome://flags/#dns-over-https flag.
Firefox and DNS over HTTPS (DoH)
And here is info on how Mozilla is implementing it in Firefox:
Starting the week of April 1, a small portion of our United States-based users in the Release channel will receive the DoH treatment. As before, this study will use Cloudflare’s DNS-over-HTTPS service and will continue to provide in-browser notifications about the experiment so that participants are fully informed and have the opportunity to decline.
We are working to build a larger ecosystem of trusted DoH providers, and we hope to be able to experiment with other providers soon. As before, we will continue to share the results of the DoH tests and provide updates once future plans solidify.
And here is info on how to disable it in Firefox:
To turn DoH off in your Firefox, go to Settings -> Network Settings and untick the Enable DNS over HTTPS checkbox.
Alternatively, go to about:config in the address bar, search for network.trr.mode and set it to K.
But why would anyone want to disable DNS over HTTPS?
Now why would I include instructions on how to disable it? While the stated goal is to “…increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks…” the reality is that it seems like DNS over HTTPS (DoH) will be a process that (effectively) will send all browser-based DNS requests to Google managed servers. To some people, having Google be able to process your DNS metadata is not a great idea and they would rather use open/neutral services like OpenDNS and such.
This is also going to be all sorts of fun if you run your own DNS server for say adblocking. – Journeyman Geek – 2019-09-12T00:46:42.743
@JourneymanGeek Why would anyone want to block ads? Just let Google determine the ads you like, citizen! – JakeGould – 2019-09-12T00:54:51.833
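An added example (not part of the original answer or its comments) for checking the Firefox setting named above: it parses the text of a profile's prefs.js and user.js and reports what network.trr.mode resolves to. The mode meanings follow Mozilla's documentation for this pref (5 is "off by choice"); the sample file contents and the doh.example resolver are constructed.

```python
import re

# network.trr.mode values as documented by Mozilla (1 and 4 are reserved).
TRR_MODES = {
    0: "off (default)",
    2: "DoH first, native resolver as fallback",
    3: "DoH only",
    5: "off by explicit choice",
}
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: raw value} for every active user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)  # commented-out lines do not match
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs

def doh_state(prefs_js, user_js=""):
    """Classify a profile; user.js is applied over prefs.js at startup."""
    prefs = parse_prefs(prefs_js)
    prefs.update(parse_prefs(user_js))
    raw = prefs.get("network.trr.mode")
    if raw is None:
        return {"mode": None, "doh_active": None, "meaning": "not set in profile"}
    try:
        mode = int(raw)
    except ValueError:
        return {"mode": raw, "doh_active": None, "meaning": "not an integer"}
    return {
        "mode": mode,
        "doh_active": mode in (2, 3),
        "meaning": TRR_MODES.get(mode, "reserved or unknown value"),
        "resolver": prefs.get("network.trr.uri", "").strip('"') or None,
    }

# Constructed sample profile files (not taken from a real machine).
SAMPLE_PREFS_JS = '''// Mozilla User Preferences
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://doh.example/dns-query");
'''
SAMPLE_USER_JS = '''// user_pref("network.trr.mode", 3);
user_pref("network.trr.mode", 5);
'''

if __name__ == "__main__":
    print(doh_state(SAMPLE_PREFS_JS, SAMPLE_USER_JS))
```

A `doh_active` of `None` means the profile does not pin the pref, so the browser's own default or rollout decides; fleet audits should treat that as "unknown" rather than "off".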