HWZ Forums


How to enable DoH in each browser

02-12-2019, 04:24 PM   #1
uncle_josh
Senior Member
Join Date: Jun 2018
Posts: 643
How to enable DoH in each browser

1. Here's how to enable DoH in each browser, ISPs be damned

2. Cloudflare Secure DNS Checker



Why use DNS over HTTPS (DoH)
1. encrypts DNS traffic and helps improve a user's privacy on the web.

2. makes a user's DNS traffic invisible to third-party network observers

3. prevents man-in-the-middle attacks
Man-in-the-middle attacks (a common cybersecurity concern) are more or less useless if DNS over HTTPS is enabled. Since all DNS requests are encrypted, a 3rd party observer cannot make sense of the data they would glean.

Last edited by uncle_josh; 02-12-2019 at 04:26 PM..
03-12-2019, 01:48 PM   #2
davidktw
Arch-Supremacy Member
Join Date: Apr 2010
Posts: 10,063
Half the story. Still have to wait for prevalence of ESNI in the HTTPS world to really obscure ur DNS intention. Btw that is if you trust the 3rd party which is cloudflare.

MITM actually isn't mitigated by DOH nor DOT. That is to be mitigated by DNSSEC. The MITM can happen upstream of cloudflare, even though DOH and DOT would have protected cloudflare downstream.

Don't think of security between you and cloudflare only. That is again half the story only.

Last edited by davidktw; 03-12-2019 at 01:52 PM..
03-12-2019, 03:33 PM   #3
uncle_josh
Senior Member
Join Date: Jun 2018
Posts: 643
Most users will just happen to be dependent on cloud providers for DoH not because of anything inherent to DoH, but because at the moment only cloud providers are offering DoH-enabled resolvers

AFAIK it doesn't matter. The important thing is that you're not using plaintext DNS.

It's about preventing network observers from figuring out what sites you visit by observing the DNS requests you make.


Last edited by uncle_josh; 03-12-2019 at 03:36 PM..
03-12-2019, 03:35 PM   #4
davidktw
Arch-Supremacy Member
Join Date: Apr 2010
Posts: 10,063
> Most users will just happen to be dependent on cloud providers for DoH not because of anything inherent to DoH, but because at the moment only cloud providers are offering DoH-enabled resolvers
>
> AFAIK it doesn't matter. The important thing is that you're not using plaintext DNS.

It is plaintext from Cloudflare to the Authority DNS, unless the Authority DNS supports DNSSEC. It is next to no security unless you know your end-to-end security. Encryption alone is not the sole answer to security. You need to know where your information is leaked, that's how security works.

I'm not saying DOH or DOT is not important as part of the holistic security framework, I'm just saying it's not the complete picture.
03-12-2019, 04:30 PM   #5
uncle_josh
Senior Member
Join Date: Jun 2018
Posts: 643
Hi David,

Thanks for pointing that out.

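
Added example, not part of any post in this thread: the posts above turn on the difference between encrypting the client-to-resolver hop (DoH) and validating the answer itself (DNSSEC). This Python code builds an RFC 8484 DoH query that asks for DNSSEC data and reads the AD flag from a response header; the resolver URL `https://doh.example/dns-query` and the sample response bytes are constructed placeholders.

```python
import base64
import struct

AD_FLAG = 0x0020  # header bit: resolver reports it DNSSEC-validated the answer
DO_FLAG = 0x8000  # "DNSSEC OK" bit, carried in the EDNS0 OPT record's TTL field


def build_query(name: str, qtype: int = 1) -> bytes:
    """Wire-format query for `name` with EDNS0 and the DO bit set."""
    # ID 0 (as RFC 8484 recommends), RD=1, one question, one additional (OPT)
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # QTYPE, class IN
    # OPT RR: root name, TYPE 41, UDP size 1232, TTL field holding DO, empty RDATA
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, DO_FLAG, 0)
    return header + question + opt


def doh_get_url(resolver: str, query: bytes) -> str:
    """RFC 8484 GET form: unpadded base64url of the message in ?dns=."""
    return resolver + "?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode()


def assess(response: bytes) -> dict:
    """Report what a wire-format response header says was verified."""
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    return {
        "rcode": flags & 0x000F,
        "answers": ancount,
        "dnssec_validated": bool(flags & AD_FLAG),
    }


def sample_response(query: bytes, flags: int) -> bytes:
    """Constructed test data: response header plus the echoed question only."""
    return struct.pack("!HHHHHH", 0, flags, 1, 1, 0, 0) + query[12:-11]


if __name__ == "__main__":
    q = build_query("example.com")
    print(doh_get_url("https://doh.example/dns-query", q))  # placeholder resolver URL
    # 0x81A0 = QR|RD|RA|AD (validated answer), 0x8180 = same flags without AD
    for flags in (0x81A0, 0x8180):
        print(hex(flags), assess(sample_response(q, flags)))
```

A stub client can only rely on the AD flag when the channel to the resolver is itself protected, which is the part DoH or DoT provides.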