[uncle_josh]

1. Here's how to enable DoH in each browser, ISPs be damned

2. Cloudflare Secure DNS Checker



Why use DNS over HTTPS (DoH)
1. encrypts DNS traffic and helps improve a user's privacy on the web.

2. makes a user's DNS traffic invisible to third-party network observers

3. prevent man-in-the-middle attacks
Man-in-the-middle attacks (a common cybersecurity concern) are more or less useless if DNS over HTTPS is enabled. Since all DNS requests are encrypted, a 3rd party observer cannot make sense of the data they would gleam.

[davidktw]

Half the story. Still have to wait for prevalence of ESNI in the HTTPS world to really obscure ur DNS intention. Btw that is if you trust the 3rd party which is cloudflare.

MITM actually isn’t mitigated by DOH nor DOT, That is to be mitigated by DNSSEC. The MITM can happen upstream of cloudflare, even though DOH and DOT would have protected cloudflare downstream

Don’t think of security between you and cloudflare only. That is again half the story only.

[uncle_josh]

Most users will just happen to be dependent on cloud providers for DoH not because of anything inherent to DoH, but because at the moment only cloud providers are offering DoH-enabled resolvers

AFAIK it doesn't matter. The important thing is that you're not using plaintext DNS.

It's about preventing network observers from figuring out what sites you visit by observing the DNS requests you make.

Sent from 今天工作不努力, 明天努力找工作 using GAGT

[davidktw]

uncle_josh wrote:

Most users will just happen to be dependent on cloud providers for DoH not because of anything inherent to DoH, but because at the moment only cloud providers are offering DoH-enabled resolvers

AFAIK it doesn't matter. The important thing is that you're not using plaintext DNS.

Sent from 今天工作不努力, 明天努力找工作 using GAGT

It is plaintext from Cloudflare to the Authority DNS, unless the Authority DNS support DNSSEC. It is next to no security unless you know your end-to-end security. Encryption alone is not the sole answer to security. You need to know where your information are leaked, that's how security works.

I'm not saying DOH or DOT is not important as part of the holistic security framework, I'm just saying it's not the complete picture.

[uncle_josh]

Hi David,

Thanks for point out.

Sent from 今天工作不努力, 明天努力找工作 using GAGT

[uncle_josh]

Another link to check DNS over HTTPS (DoH) working properly

[uncle_josh]

Source : https://www.qacafe.com/articles/what-is-dns-over-tls/

[uncle_josh]

By default, when you enable DNS-over-HTTPS your requests will go through Cloudflare at: https://mozilla.cloudflare-dns.com/dns-query



However you can use any DoH compliant endpoint by changing the network.trr.uri value to any end point that supports it, such as:

Google DNS: https://dns.google.com/experimental
Quad9: https://dns.quad9.net/dns-query


Source : https://miketabor.com/enable-dns-ove...ni-in-firefox/

[charlesdygreat]

You take note - A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver.

[SkyShroud]

I use dot, doh make sense for public network though but still wip

[shawnbright]

How do I enable DoH in Chrome and or Firefox? Same thing?