How to enable DoH in each browser

uncle_josh

Senior Member
Joined
Jun 16, 2018
Messages
2,084
Reaction score
189
1. Here's how to enable DoH in each browser, ISPs be damned

2. Cloudflare Secure DNS Checker



Why use DNS over HTTPS (DoH)
1. Encrypts DNS traffic and helps improve a user's privacy on the web.

2. Makes a user's DNS traffic invisible to third-party network observers.

3. Prevents man-in-the-middle attacks.
Man-in-the-middle attacks (a common cybersecurity concern) are more or less useless if DNS over HTTPS is enabled. Since all DNS requests are encrypted, a third-party observer cannot make sense of the data they would glean.

davidktw

Arch-Supremacy Member
Joined
Apr 15, 2010
Messages
13,391
Reaction score
1,180
Half the story. You still have to wait for ESNI to become prevalent in the HTTPS world to really obscure your DNS intention. Btw, that is if you trust the third party, which is Cloudflare. :)

MITM actually isn't mitigated by DoH or DoT. That is to be mitigated by DNSSEC. The MITM can happen upstream of Cloudflare, even though DoH and DoT would have protected Cloudflare downstream.

Don't think of security between you and Cloudflare only. That is again only half the story.

uncle_josh

Most users will just happen to be dependent on cloud providers for DoH not because of anything inherent to DoH, but because at the moment only cloud providers are offering DoH-enabled resolvers

AFAIK it doesn't matter. The important thing is that you're not using plaintext DNS.

It's about preventing network observers from figuring out what sites you visit by observing the DNS requests you make.

Sent from 今天工作不努力, 明天努力找工作 (If you don't work hard today, tomorrow you'll work hard looking for a job) using GAGT

davidktw

Most users will just happen to be dependent on cloud providers for DoH not because of anything inherent to DoH, but because at the moment only cloud providers are offering DoH-enabled resolvers

AFAIK it doesn't matter. The important thing is that you're not using plaintext DNS.


It is plaintext from Cloudflare to the authority DNS, unless the authority DNS supports DNSSEC. It is next to no security unless you know your end-to-end security. Encryption alone is not the sole answer to security. You need to know where your information is leaked; that's how security works.

I'm not saying DoH or DoT is not important as part of the holistic security framework, I'm just saying it's not the complete picture. :)
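As an added example (this is not code from the thread, from Cloudflare, or from any of the posters), the script below makes the two halves of this exchange concrete. It builds an RFC 8484 DoH GET request for a lookup, parses a constructed resolver response to read the AD (authenticated data) flag that a validating resolver sets, and lists what a passive observer on the client's network can still learn: with plaintext UDP/53 the query name itself; with DoH only the fact that the client talks to the resolver on 443, but then the TLS SNI of the site being visited, unless ESNI/ECH is in use. The resolver address 1.1.1.1, the DoH endpoint path and the sample answer address are assumptions for the sample; all packets are constructed inline and nothing touches the network.

```python
from __future__ import annotations

import base64
import struct

RESOLVER_IP = "1.1.1.1"  # assumption for the sample; any DoH resolver works
DOH_ENDPOINT = f"https://{RESOLVER_IP}/dns-query"  # assumed endpoint path


def build_query(name: str, qtype: int = 1) -> bytes:
    """Wire-format DNS query: 12-byte header + one question (class IN).
    Transaction ID is 0, as RFC 8484 recommends, so the GET URL is cacheable."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def doh_get_url(query: bytes, endpoint: str = DOH_ENDPOINT) -> str:
    """RFC 8484 GET form: the wire query, base64url-encoded, '=' padding removed."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"


def parse_name(msg: bytes, off: int) -> tuple[str, int]:
    """Decode a possibly-compressed name; returns (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            if not jumped:
                end = off + 2
            jumped = True
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(msg: bytes) -> dict:
    """Header flags plus A-record answers from a wire-format response.
    'ad' is the resolver's claim that it validated DNSSEC; DoH/DoT protect that
    bit in transit, but trusting it still means trusting the resolver."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = parse_name(msg, off)
        off += 4  # skip QTYPE, QCLASS
    answers = []
    for _ in range(an):
        name, off = parse_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, ".".join(str(b) for b in rdata)))
    return {"rcode": flags & 0xF, "ad": bool(flags & 0x0020), "answers": answers}


def build_response(query: bytes, ip: str, ad: bool) -> bytes:
    """Constructed resolver reply to `query`: QR|RD|RA (+AD), one A record whose
    owner name is a compression pointer (0xC00C) to the question at offset 12."""
    flags = 0x8180 | (0x0020 if ad else 0)
    header = struct.pack("!HHHHHH", struct.unpack("!H", query[:2])[0], flags, 1, 1, 0, 0)
    rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + bytes(int(o) for o in ip.split("."))
    return header + query[12:] + rr


def visit_leakage(name: str, transport: str) -> list:
    """What a passive observer between client and resolver sees when the client
    resolves `name` and then opens HTTPS to it, without ESNI/ECH."""
    if transport == "udp53":
        seen = [("dns", name)]  # query name in cleartext on port 53
    elif transport == "doh":
        seen = [("dns", None)]  # only a TLS session to RESOLVER_IP:443 is visible
    else:
        raise ValueError(transport)
    seen.append(("tls_sni", name))  # ClientHello SNI still names the site
    return seen


if __name__ == "__main__":
    q = build_query("example.com")
    print("DoH GET:", doh_get_url(q))
    print("Parsed:", parse_response(build_response(q, "93.184.216.34", ad=True)))
    for transport in ("udp53", "doh"):
        print(transport, "observer sees:", visit_leakage("example.com", transport))
```

The `visit_leakage` output is the point davidktw is making: DoH removes the query name from the wire between the client and the resolver, but the SNI of the following HTTPS connection exposes the same hostname until ESNI/ECH is deployed, and the AD bit is only as trustworthy as the resolver that set it.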
 

uncle_josh

Hi David,

Thanks for pointing that out.
 

uncle_josh

Source: https://www.qacafe.com/articles/what-is-dns-over-tls/
[image: domain-name-servers-dns.png]
 

uncle_josh

Take note: a goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks, by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver.
 

SkyShroud

Arch-Supremacy Member
Joined
Oct 28, 2005
Messages
20,473
Reaction score
1,223
I use DoT. DoH makes sense for public networks, though it's still WIP.
 

uncle_josh

How to use DNS over HTTPS in Windows 10
- To take advantage of it, you need to be running Windows 10 Build 19628 or later.
- You need to activate the DoH client using the following steps:

Open the Registry Editor:
1. Navigate to the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters" registry key.
2. Create a new DWORD value named EnableAutoDoh.
3. Set its value to 2.

Change the DNS server settings in the network properties:
1. Go to Network and Internet > Network and Sharing Center > Change adapter settings.
2. Right-click the connection you want to add a DNS server to and select Properties.
3. Select either Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6) and click Properties.
4. Ensure the "Use the following DNS server addresses" radio button is selected and add the DNS server address into the fields below.

For Windows to use DoH, use one of the following DNS servers:
[image: doh-servers.png, list of DoH-capable DNS servers]
 

uncle_josh

Improving DNS Privacy with Oblivious DoH
Today we are announcing support for a new proposed DNS standard — co-authored by engineers from Cloudflare, Apple, and Fastly — that separates IP addresses from queries, so that no single entity can see both at the same time. Even better, we’ve made source code available, so anyone can try out ODoH, or run their own ODoH service!

To safeguard DNS from onlookers and third parties, the IETF standardized DNS encryption with DNS over HTTPS (DoH) and DNS over TLS (DoT). Both protocols prevent queries from being intercepted, redirected, or modified between the client and resolver.

The move to ODoH is a true paradigm shift, where the users’ privacy or the IP address is not exposed to any provider, resulting in true privacy.
 

uncle_josh

Configuring DNS-Over-HTTPS on Pi-hole

DNS-Over-HTTPS prevents this by using standard HTTPS requests to retrieve DNS information. This means that the connection from the device to the DNS server is secure and can not easily be snooped, monitored, tampered with or blocked. It is worth noting, however, that the upstream DNS-Over-HTTPS provider will still have this ability.
 