News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • Firefox – DNS over HTTPS

    Author
    Topic
    #2397068

    This relates to my experience with Firefox, though it may apply to other browsers.

    It came up yesterday when an online bridge group to which I belong sat down to play and tried to log-in to BridgeBase Online.  One of us got in, the other three were denied.  I tried half-a-dozen or so of the various “down detectors”, some said http://www.bridgebase.com was down, others said it was not.

    One piece of advice given by one of them was to change my Firefox settings to “DNS over HTTPS”.  Two of my group made this change and were able to log-in, the fourth must have been using an old version of FF, because the switch was not where I was describing it.  We played Trickster instead.

    I don’t think that I understand how this change affects how my FF reacts with the internet.  Have I changed my browser security – for the better / for the worse?  Also, I don’t want to be responsible for getting my fellow players to change to a setting that leaves them less secure than previously.

    Can anyone explain this to me, please?

    Dell E5570 Latitude, Intel Core i5 6440@2.60 GHz, 8.00 GB - Win 10 Pro

    Viewing 6 reply threads
    Author
    Replies
    • #2397086

      When you enter a web address into your browser, the browser requests the IP address that corresponds to that web address via a DNS (Domain Name System), so it knows where to direct your request. By default, browsers do this unsecured, which is obviously vulnerable. Firefox allows you to (if you’re in the US, if I recall correctly) make the request over HTTPS, which is more secure, although not invulnerable.

      The only potential downside is that Firefox does this by using the Cloudflare service by default, so it comes down to how you feel about that company. As I recall, Cloudflare did an external audit of their DNS a while back and found that some data was unintentionally kept for up to 24 hours in a tiny minority of cases, but the audit was very transparent and it seemed to me like that they were prioritising privacy, and they did pass the audit, so I would personally not have a problem with them.

    • #2397098

      First off, it is always a good idea to have two installed web browsers for just this sort of thing.

      All browsers now offer secure DNS, not just Firefox.

      Whatever issue you had was not with secure DNS, but with the specific DNS provider. Firefox lets you chose amongst a few.

      We can’t be sure your problem was a server side temporary thing or a DNS problem on your computer and those of your friends.

      There are programs on Windows that will trace every DNS call so you can see for yourself if a domain/subdomain failed to resolve/translate.

      Secure DNS is a good thing in that it hides your DNS requests from your ISP. A VPN does this and much more. Cloudflare is a trustworthy DNS provider. Any secure DNS provider is probably better than using the defaults.

      Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

    • #2397109

      Because of a prior post here at AW I started using Quad9 and simply entered the following string in the FF Custom Box: https://dns.quad9.net/dns-query.

      Offered just as a Plan B choice AND in case someone knows something Great/Bad about Quad9 we’d all benefit from.

      Config Settings: https://www.quad9.net/service/service-addresses-and-features/#ip

      W10 Pro 21H2 / Hm-Stdnt Ofce '16 C2R / HP Envy Desktop-Ethernet/ 12 GB / 256G SSD + 1 TB HDD / i5-8400 CoffeeLake-S / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU=0

      • #2397198

        Hi,

        I also used quad 9 it is good. They use to be in California but left to move to Switzerland to get away from the US rules and regulations if I remember correctly. I also have Ad Guard DNS I found my webpages that I have in my favorites load with lots of ads with creates longer load times and very frustrating what an improvement I have seen. I have used Cloudfare which from the reviews claimed to be the fastest around but I see after a few day’s was slow. I’m presently use Ad Guard.

    • #2397155

      In previous discussions here I got the impression to turn off DNS Over HTTPS in Firefox which I did.  Here also is an article on the cons of DNS over HTTPS:

      https://www.zdnet.com/article/dns-over-https-causes-more-problems-than-it-solves-experts-say/

      I think this discussion warrants more investigation.  Does anyone else want to jump in?  Should I now enable this — or not?

      1 user thanked author for this post.
    • #2397403

      I have used Cloudfare which from the reviews claimed to be the fastest around but I see after a few day’s was slow. I’m presently use Ad Guard.

      I switched to try this and the Firefox DNS Custom Box string is:
      https://dns.adguard.com/dns-query

      Sites…..
      https://adguard.com/en/adguard-dns/setup.html
      https://adguard.com/en/blog/adguard-comment-on-dns-over-https-firefox-cloudflare.html

      W10 Pro 21H2 / Hm-Stdnt Ofce '16 C2R / HP Envy Desktop-Ethernet/ 12 GB / 256G SSD + 1 TB HDD / i5-8400 CoffeeLake-S / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU=0

    • #2397742

      All browsers now offer secure DNS, not just Firefox.

      Not true! Pale Moon does and will not.

      https://forum.palemoon.org/viewtopic.php?f=62&t=18678&p=137637&hilit=doh#p137637

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
    • #2397758
    Viewing 6 reply threads
    Reply To: Firefox – DNS over HTTPS

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.