Author Topic: DoH (DNS-over-HTTPS)  (Read 103 times)

Offline jdaniele

  • Administrator
  • Sr. Member
  • *****
  • Posts: 1250
  • Never stop questioning
    • View Profile
    • JeremyDaniele.com
DoH (DNS-over-HTTPS)
« on: September 11, 2019, 03:12:03 PM »
So this topic has been consuming me for about a week and I've been reading about it here and there for a few months.

https://en.wikipedia.org/wiki/DNS_over_HTTPS

"DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks. As of March 2018, Google and the Mozilla Foundation are testing versions of DNS over HTTPS."

So the feature now exists and I've confirmed it in Chrome and Firefox.

How to enable DNS-over-HTTPS (DoH):
First off make sure your browser has the latest version.
Firefox: https://support.mozilla.org/en-US/kb/firefox-dns-over-https#w_enabling-and-disabling-dns-over-https
Chrome: https://www.zdnet.com/article/how-to-enable-dns-over-https-doh-in-google-chrome/

Test your DoH connection: https://1.1.1.1/help
"The true sign of intelligence is not knowledge but imagination." - Albert Einstein

Offline jdaniele

  • Administrator
  • Sr. Member
  • *****
  • Posts: 1250
  • Never stop questioning
    • View Profile
    • JeremyDaniele.com
Re: DoH (DNS-over-HTTPS)
« Reply #1 on: September 11, 2019, 03:16:01 PM »
"The true sign of intelligence is not knowledge but imagination." - Albert Einstein

Offline jdaniele

  • Administrator
  • Sr. Member
  • *****
  • Posts: 1250
  • Never stop questioning
    • View Profile
    • JeremyDaniele.com
Re: DoH (DNS-over-HTTPS)
« Reply #2 on: September 11, 2019, 03:34:26 PM »
Looks like Chrome will be coming out with this built-in soon. Seems like according to this website it's in DEV and almost in BETA.
https://www.bleepingcomputer.com/news/technology/google-unveils-dns-over-https-doh-plan-mozillas-faces-criticism/

https://www.google.com/chrome/beta/
https://www.google.com/chrome/dev/
"The true sign of intelligence is not knowledge but imagination." - Albert Einstein

Offline jdaniele

  • Administrator
  • Sr. Member
  • *****
  • Posts: 1250
  • Never stop questioning
    • View Profile
    • JeremyDaniele.com
Re: DoH (DNS-over-HTTPS)
« Reply #3 on: September 13, 2019, 01:17:00 AM »
Good information to keep you in the loop on the state of the encrypted internet.

https://www.eff.org/deeplinks/2019/09/encrypted-dns-could-help-close-biggest-privacy-gap-internet-why-are-some-groups
"The true sign of intelligence is not knowledge but imagination." - Albert Einstein

Offline jdaniele

  • Administrator
  • Sr. Member
  • *****
  • Posts: 1250
  • Never stop questioning
    • View Profile
    • JeremyDaniele.com
Re: DoH (DNS-over-HTTPS)
« Reply #4 on: October 07, 2019, 10:52:34 PM »
Looks like some push back. Either in denial or just trying to bash it.

https://www.zdnet.com/article/dns-over-https-causes-more-problems-than-it-solves-experts-say/
"The true sign of intelligence is not knowledge but imagination." - Albert Einstein

Offline jdaniele

  • Administrator
  • Sr. Member
  • *****
  • Posts: 1250
  • Never stop questioning
    • View Profile
    • JeremyDaniele.com
Re: DoH (DNS-over-HTTPS)
« Reply #5 on: October 31, 2019, 05:34:40 AM »
So with Firefox this feature is fully integrated in the settings and Chrome 78 now has a flag for it. Once the flag is enabled it only activates when your host DNS is using the protocol. I've tested this and it works. Of course Comcast isn't using it. FYI it isn't easy to test this feature so it's hard to even know if it's working without doing a traceroute.
"The true sign of intelligence is not knowledge but imagination." - Albert Einstein

Offline jdaniele

  • Administrator
  • Sr. Member
  • *****
  • Posts: 1250
  • Never stop questioning
    • View Profile
    • JeremyDaniele.com
"The true sign of intelligence is not knowledge but imagination." - Albert Einstein