Firefox began the rollout of encrypted DNS over HTTPS (DoH)
- This topic has 11 replies, 9 voices, and was last updated 9 months, 3 weeks ago.
February 25, 2020 at 11:34 am #2171099
Alex5723
AskWoody Plus
Today, Firefox began the rollout of encrypted DNS over HTTPS (DoH) by default for US-based users. The rollout will continue over the next few weeks to confirm no major issues are discovered as this new protocol is enabled for Firefox’s US-based users.
Firefox continues push to bring DNS over HTTPS by default for US users
Outside the US? You can switch on DNS over HTTPS manually.
Firefox > Preferences
Scroll down to Settings
Click the Settings… button
At the bottom, check Enable DNS over HTTPS
Optionally, use the pull-down menu to change the provider.
-
February 26, 2020 at 1:06 am #2171359
-
February 26, 2020 at 3:39 am #2171412
Alex5723
AskWoody Plus
Have you noticed any positive difference during lookup requests?
I use Portable Firefox ESR that doesn’t have this option.
One positive point with DoH is that your ISP can’t track your surfing/URLs.
-
February 26, 2020 at 6:34 am #2171452
Paul T
AskWoody MVP
They can still track by IP.
URL tracking is always limited in an HTTPS session because you only need one DNS lookup to go to a site and then it’s internal references. And the DNS results are cached locally so one DNS lookup may be accessed many times without the ISP knowing, apart from IP address.
cheers, Paul
-
-
February 26, 2020 at 1:46 pm #2171645
Charlie
AskWoody Plus
If I’m reading things correctly then DoH is a good thing. I’m wondering if this is the reason I see a lot of things happening at the bottom left of my FF browser. To give you a for instance: I click on my Askwoody bookmark and nothing comes up in the address bar, but down at the bottom left I see “Looking for Askwoody” followed by “Handshaking with Gravitar” and other things that flash by too quickly to read. By now Askwoody is in the address bar.
All this takes somewhere around 8 to 10 seconds and then the webpage comes up. I’m not sure if DoH is responsible for this, but I never saw it prior to about 3 to 4 weeks ago. Has anyone else noticed this or have any comments?
-
February 26, 2020 at 2:40 pm #2171666
satrow
AskWoody MVP
Response times might be slower.
I don’t understand how Mozilla in their commit message can state it’s more efficient. There is nothing more efficient than performing a one-shot-one-response UDP request to a DNS server. Setting up an HTTPS connection is expensive, slow, and not efficient at all. What are they thinking?
This kind of tunneling over http of other protocols is further undermining the wide array of protocols in use on the internet. If you don’t trust the local network, and you need a server anyway to tunnel through, you may as well use a VPN and cover everything in one go instead of coming up with all sorts of proprietary mechanisms to “work around using one protocol instead of multiple”. If you suffer from DNS poisoning, then pick better resolvers to use.
I don’t see a reason to implement this at this time. https is not meant to be used as an encapsulation protocol, despite people doing so.
-
-
February 26, 2020 at 2:03 pm #2171651
Microfix
AskWoody MVP
Been using DoH since it was introduced in FF here in the UK months ago, and if there is any slowdown, I can’t say I’ve noticed it. One plus is, it’s also far more difficult for your ISP to track your internet site visits.
Nice to get some internet privacy back (OS dependent). Well done Mozilla 🙂
No problem can be solved from the same level of consciousness that created IT - AE
-
February 26, 2020 at 3:08 pm #2171699
Ascaris
AskWoody_MVP
I’ve been using DNS over HTTPS for a while (in Linux), thinking probably over a year on my Swift laptop, not just in the browser, but for all DNS resolution. I haven’t noticed any latency change. I don’t see how it would be any faster than standard DNS, but the increase in time to transmit the extra overhead can’t be much.
Group "L" (KDE Neon Linux 5.20.5 User Edition)
-
February 26, 2020 at 4:13 pm #2171725
Carl
AskWoody Plus
I’ve been using DoH (Cloudflare – IPv6) for well over a year without issue. I’ve not noticed any performance impact.
You can also enable server name identification (SNI) encryption by typing “about:config” in the address bar and locating the setting:
network.security.esni.enabled
You can test your settings and browser security by visiting this Cloudflare test page:
Browsing Experience Security Check
You are not restricted to using Mozilla DoH servers. For example, the Mozilla Cloudflare server is “https://mozilla.cloudflare-dns.com/dns-query”, but you can use this “https://cloudflare-dns.com/dns-query”. Some other DoH providers can be found here:
1) Github wiki list (curl documentation)
2) AdGuard Known DNS Providers
3) Privacy Tools – Encrypted Domain Name System (DNS) Resolvers
CleanBrowsing also has 3 public DoH endpoints that provide filtering (family, adult, or security).
Microsoft is planning to include DoH in Windows 10 at some point. Note the Firefox implementation may not be suitable for enterprise use since it ignores whatever settings the admin may have set in the router(s) or at the adapter level.
Some argue that ISPs can still spy on you because they still know the IP address you’re visiting even if using DoH and ESNI. Knowing an IP address, however, isn’t as valuable as it once was since a single IP can map to multiple domains. I’m of the opinion that anything that makes life harder for those that wish to spy on me is a good thing.
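Added example, not part of the post above and not Mozilla's code: a small audit an admin could run over a Firefox profile's prefs.js to see whether DoH is on, which resolver it uses, and whether the ESNI setting mentioned above is enabled. The sample prefs.js text is constructed; `network.trr.mode` and `network.trr.uri` are the Firefox preferences behind the DoH checkbox and provider menu, and a missing `network.trr.mode` is assumed to mean the built-in default.

```python
import re

# Constructed sample of a Firefox profile prefs.js (not taken from a real profile).
SAMPLE_PREFS = '''
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
user_pref("network.security.esni.enabled", true);
'''

# Meaning of network.trr.mode (TRR = Trusted Recursive Resolver, Firefox's DoH client).
TRR_MODES = {
    0: "off (default)",
    2: "DoH first, fall back to system DNS",
    3: "DoH only, no fallback",
    5: "off by explicit choice",
}

PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref line; values become bool/int/str."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue  # comments and blank lines
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit_doh(text):
    """Summarise the DoH-related settings found in prefs.js text."""
    prefs = parse_prefs(text)
    # prefs.js only records values changed from the default; absent key -> mode 0 (assumption).
    mode = prefs.get("network.trr.mode", 0)
    return {
        "doh_active": mode in (2, 3),
        "mode": TRR_MODES.get(mode, f"reserved/unknown ({mode})"),
        "system_dns_fallback": mode == 2,  # mode 3 never consults the system resolver
        "resolver": prefs.get("network.trr.uri"),
        "esni": prefs.get("network.security.esni.enabled", False),
    }
```

A result with `doh_active` true and `system_dns_fallback` false is the case the enterprise caveat above is about: lookups from that browser never reach the resolver configured on the adapter or router.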
-
February 27, 2020 at 12:24 am #2171853
Lars220
AskWoody Lounger
“DoH support is already present in all major browsers. Users just have to enable it and configure it.”
By Catalin Cimpanu for Zero Day | February 26, 2020
“Here’s how to enable DoH in each browser, ISPs be d***ed”
-
February 27, 2020 at 1:54 am #2171882
Paul T
AskWoody MVP
“One plus is, it’s also far more difficult for your ISP to track your internet site visits”
No it’s not, but it limits the tracking to IP addresses rather than URLs. And URL tracking via DNS is only ever the base domain, e.g. http://www.askwoody.com.
Your browser can and probably does track full URLs.
cheers, Paul
-
April 6, 2020 at 11:28 am #2223803
Michael432
AskWoody_MVP
FYI. There is a topic on Encrypted DNS (which is both DoH and DoT) here
https://defensivecomputingchecklist.com/#dohdot
There are two ways to enable this in the Chrome browser, one that is straightforward and one that is not. I document the straightforward one.
FYI: Encrypted DNS is also available system-wide on Android 9 and 10.
If you want to see what DNS servers your browser is using, there are many tester pages listed here
https://routersecurity.org/testdns.php
We need this because DNS servers can come from 1 of 4 sources (that I know of).
Get up to speed on router security at RouterSecurity.org