What is DNS over HTTPS (DoH)?


I’ve recently heard that Chrome and Firefox will be testing (and implementing?) the use of DNS over HTTPS (DoH) for DNS resolution in their browsers instead of the traditional DNS or even DNS over TLS.

What is DNS over HTTPS (DoH) and what should I know about it?

JakeGould

Posted 2019-09-11T23:05:22.790

Reputation: 38 217

Answers


DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol.

Chrome and Firefox are now pushing DNS-over-HTTPS (DoH). Never heard of it? Well, Wikipedia describes DNS-over-HTTPS (DoH):

DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks. As of March 2018, Google and the Mozilla Foundation are testing versions of DNS over HTTPS.


Chrome and DNS over HTTPS (DoH)

Here is info on Chrome’s use of it:

Google has announced that they would soon be performing a trial of utilizing DNS-over-HTTPS (DoH) in the Google Chrome browser. This experiment will be conducted in Chrome 78 and will attempt to upgrade a user's DNS server to a corresponding DoH server, and if available, use that for DNS resolution.

And here is how to disable it in Chrome:

If users don't want to be included in the Chrome DoH experiment, they can use a DNS provider that's not on Google's list (which most of the Chrome userbase already does), or they can disable DoH support by modifying the chrome://flags/#dns-over-https flag.


Firefox and DNS over HTTPS (DoH)

And here is info on how Mozilla is implementing it in Firefox:

Starting the week of April 1, a small portion of our United States-based users in the Release channel will receive the DoH treatment. As before, this study will use Cloudflare’s DNS-over-HTTPS service and will continue to provide in-browser notifications about the experiment so that participants are fully informed and have the opportunity to decline.

We are working to build a larger ecosystem of trusted DoH providers, and we hope to be able to experiment with other providers soon. As before, we will continue to share the results of the DoH tests and provide updates once future plans solidify.

And here is info on how to disable it in Firefox:

To turn DoH off in your Firefox, go to Settings -> Network Settings and untick the Enable DNS over HTTPS checkbox.

Alternatively, go to about:config in the address bar, search for network.trr.mode and set it to K.


But why would anyone want to disable DNS over HTTPS?

Now why would I include instructions on how to disable it? While the stated goal is to “…increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks…”, the reality is, it seems like DNS over HTTPS (DoH) will be a process that (effectively) will send all browser-based DNS requests to Google managed servers. To some people, having Google be able to process your DNS metadata is not a great idea and they would rather use open/neutral services like OpenDNS and such.

JakeGould

Posted 2019-09-11T23:05:22.790

Reputation: 38 217

This is also going to be all sorts of fun if you run your own DNS server for say adblocking. – Journeyman Geek – 2019-09-12T00:46:42.743

@JourneymanGeek Why would anyone want to block ads? Just let Google determine the ads you like, citizen! – JakeGould – 2019-09-12T00:54:51.833