HWZ Forums


How to enable DoH in each browser

Old 02-12-2019, 04:24 PM   #1
Senior Member
 
uncle_josh's Avatar
 
Join Date: Jun 2018
Posts: 844
How to enable DoH in each browser

1. Here's how to enable DoH in each browser, ISPs be damned

2. Cloudflare Secure DNS Checker



Why use DNS over HTTPS (DoH)
1. encrypts DNS traffic and helps improve a user's privacy on the web.

2. makes a user's DNS traffic invisible to third-party network observers

3. prevents man-in-the-middle attacks
Man-in-the-middle attacks (a common cybersecurity concern) are more or less useless if DNS over HTTPS is enabled. Since all DNS requests are encrypted, a 3rd party observer cannot make sense of the data they would glean.
__________________
https://www.speedtest.net/my-result/a/5406920451.png

Last edited by uncle_josh; 02-12-2019 at 04:26 PM..
uncle_josh is online now   Reply With Quote
Old 03-12-2019, 01:48 PM   #2
Arch-Supremacy Member
 
davidktw's Avatar
 
Join Date: Apr 2010
Posts: 10,200
Half the story. Still have to wait for prevalence of ESNI in the HTTPS world to really obscure ur DNS intention. Btw that is if you trust the 3rd party which is cloudflare.

MITM actually isn't mitigated by DOH nor DOT. That is to be mitigated by DNSSEC. The MITM can happen upstream of Cloudflare, even though DOH and DOT would have protected Cloudflare downstream.

Don't think of security between you and Cloudflare only. That is again half the story only.

Last edited by davidktw; 03-12-2019 at 01:52 PM..
davidktw is offline   Reply With Quote
Old 03-12-2019, 03:33 PM   #3
Senior Member
 
uncle_josh's Avatar
 
Join Date: Jun 2018
Posts: 844
Most users will just happen to be dependent on cloud providers for DoH not because of anything inherent to DoH, but because at the moment only cloud providers are offering DoH-enabled resolvers

AFAIK it doesn't matter. The important thing is that you're not using plaintext DNS.

It's about preventing network observers from figuring out what sites you visit by observing the DNS requests you make.

Sent from "If you don't work hard today, you'll be working hard to find a job tomorrow" using GAGT

Last edited by uncle_josh; 03-12-2019 at 03:36 PM..
uncle_josh is online now   Reply With Quote
Old 03-12-2019, 03:35 PM   #4
Arch-Supremacy Member
 
davidktw's Avatar
 
Join Date: Apr 2010
Posts: 10,200
Quote (uncle_josh):
    Most users will just happen to be dependent on cloud providers for DoH not because of anything inherent to DoH, but because at the moment only cloud providers are offering DoH-enabled resolvers

    AFAIK it doesn't matter. The important thing is that you're not using plaintext DNS.

It is plaintext from Cloudflare to the Authority DNS, unless the Authority DNS supports DNSSEC. It is next to no security unless you know your end-to-end security. Encryption alone is not the sole answer to security. You need to know where your information is leaked, that's how security works.

I'm not saying DOH or DOT is not important as part of the holistic security framework, I'm just saying it's not the complete picture.
davidktw is offline   Reply With Quote
Old 03-12-2019, 04:30 PM   #5
Senior Member
 
uncle_josh's Avatar
 
Join Date: Jun 2018
Posts: 844
Hi David,

Thanks for pointing out.

uncle_josh is online now   Reply With Quote
Old 12-12-2019, 10:13 AM   #6
Senior Member
 
uncle_josh's Avatar
 
Join Date: Jun 2018
Posts: 844
Another link to check that DNS over HTTPS (DoH) is working properly
uncle_josh is online now   Reply With Quote
Old 04-01-2020, 08:33 AM   #7
Senior Member
 
uncle_josh's Avatar
 
Join Date: Jun 2018
Posts: 844
Source : https://www.qacafe.com/articles/what-is-dns-over-tls/
uncle_josh is online now   Reply With Quote
Old 17-01-2020, 12:42 PM   #8
Senior Member
 
uncle_josh's Avatar
 
Join Date: Jun 2018
Posts: 844
Alternative DoH endpoints

By default, when you enable DNS-over-HTTPS your requests will go through Cloudflare at: https://mozilla.cloudflare-dns.com/dns-query



However, you can use any DoH compliant endpoint by changing the network.trr.uri value to any endpoint that supports it, such as:

Google DNS: https://dns.google.com/experimental
Quad9: https://dns.quad9.net/dns-query


Source : https://miketabor.com/enable-dns-ove...ni-in-firefox/
uncle_josh is online now   Reply With Quote
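
Added illustration (not part of any post in this thread, and not Firefox's own code): what a DoH endpoint such as those listed for network.trr.uri receives under the RFC 8484 GET form, and how a client reads the AD flag with which a resolver reports DNSSEC validation of the upstream data, the point raised earlier in the thread. Function names and the sample header bytes are constructed for this example.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1, want_ad: bool = False) -> bytes:
    """DNS wire-format query (qtype 1 = A), the payload RFC 8484 carries."""
    labels = name.rstrip(".").encode("ascii").split(b".")
    if any(not 1 <= len(label) <= 63 for label in labels):
        raise ValueError("each label must be 1..63 bytes")
    # ID 0 as RFC 8484 recommends; RD=1; AD=1 in a query asks a validating
    # resolver to report DNSSEC status in its reply (RFC 6840).
    flags = 0x0100 | (0x0020 if want_ad else 0)
    header = struct.pack("!HHHHHH", 0, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_url(endpoint: str, name: str, want_ad: bool = False) -> str:
    """RFC 8484 GET form: ?dns=<base64url(query) with padding stripped>."""
    raw = build_query(name, want_ad=want_ad)
    return endpoint + "?dns=" + base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def parse_header(message: bytes) -> dict:
    """Decode the fixed 12-byte header of a DNS response body."""
    if len(message) < 12:
        raise ValueError("truncated DNS message")
    _id, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    return {
        "is_response": bool(flags & 0x8000),
        "ad": bool(flags & 0x0020),  # resolver says it DNSSEC-validated the data
        "rcode": flags & 0x000F,
        "answers": answers,
    }

# Constructed sample headers (not captured traffic): NOERROR, one answer,
# the first with AD set, the second without.
SAMPLE_VALIDATED = bytes.fromhex("000081a00001000100000000")
SAMPLE_UNVALIDATED = bytes.fromhex("000081800001000100000000")

if __name__ == "__main__":
    # Endpoint taken from the list in the post above.
    print(doh_get_url("https://dns.quad9.net/dns-query", "www.example.com"))
    for sample in (SAMPLE_VALIDATED, SAMPLE_UNVALIDATED):
        print(parse_header(sample))
```

The AD flag is only the resolver's own statement, carried to the client over the encrypted DoH channel; it says nothing when the queried zone is unsigned.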
Old 17-01-2020, 02:56 PM   #9
Member
 
Join Date: Jan 2020
Posts: 235
You take note - A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver.
charlesdygreat is offline   Reply With Quote
Old 26-01-2020, 05:58 PM   #10
Arch-Supremacy Member
 
SkyShroud's Avatar
 
Join Date: Oct 2005
Posts: 15,787
I use DoT. DoH makes sense for public networks though, but it's still WIP.
__________________
Time do not wait, so fly at light speed and don't stop.
I am Lu5ck, unique nick in cyber world!
SkyShroud is offline   Reply With Quote
Old 27-02-2020, 05:02 PM   #11
Member
 
Join Date: Feb 2020
Posts: 237
How do I enable DoH in Chrome and/or Firefox? Same thing?
shawnbright is offline   Reply With Quote