DNS-over-HTTPS Released on Major Browsers Despite Resistance From ISPs

Dec.02.2019

Author: Justin Brunnette

Category: IT News

Six of the major browsers have now announced that they would be providing some sort of support for the DNS-over-HTTPS (DoH) protocol. DoH provides additional privacy and security to a user's web usage and has gained much attention this year. It allows the user to hide their DNS requests, preventing third parties such as ISPs from seeing their DNS traffic.
 
Most websites now use HTTPS encryption, which ensures that no one can view your activity while you are connected to the site and that the page itself cannot be tampered with in transit. While there has been a push to adopt HTTPS, DNS security has not been addressed as thoroughly.
 
DNS, or Domain Name System, allows the user to connect to a webpage by using its name, like “google.com”, rather than its IP address. But the DNS lookups themselves have not been encrypted, and anyone in between, such as your ISP or other users on the same public Wi-Fi, could get a log of which domains you are accessing. This leaves the user vulnerable to man-in-the-middle attacks such as spoofing and pharming.
 
Rather than using the plain DNS protocol, DoH sends the DNS request over HTTPS. The DoH client encodes the DNS query in an HTTP GET or POST request with the MIME type application/dns-message. The specifics are given in IETF’s RFC 8484 (https://tools.ietf.org/html/rfc8484).
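The exchange RFC 8484 describes, as an added example that is not part of the original article: a wire-format DNS query for example.com, the GET URL with the base64url-encoded `dns` parameter, and a parser run over a constructed application/dns-message reply. The resolver URL https://dns.example/dns-query and the reply bytes are placeholders I constructed, not a real resolver’s, so everything runs offline.

```python
import base64
import struct
def encode_name(name):
    # "example.com" -> b"\x07example\x03com\x00" (DNS label encoding)
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def build_query(name, qtype=1):
    # ID 0 as RFC 8484 recommends, so identical queries yield identical, cacheable URLs
    header = struct.pack(">HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return header + encode_name(name) + struct.pack(">HH", qtype, 1)  # class IN

def doh_get_url(resolver_url, wire):
    # GET variant: the message rides in the "dns" parameter as base64url, "=" padding stripped
    b64 = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={b64}"

def parse_name(msg, off):
    # read a possibly compressed name; returns (name, offset just past it)
    labels = []
    while True:
        ln = msg[off]
        if ln == 0:
            return ".".join(labels) + ".", off + 1
        if ln & 0xC0 == 0xC0:  # compression pointer into an earlier name
            tail, _ = parse_name(msg, struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF)
            return ".".join(labels + [tail.rstrip(".")]) + ".", off + 2
        labels.append(msg[off + 1:off + 1 + ln].decode("ascii"))
        off += 1 + ln

def parse_a_records(msg):
    # return [(owner, ttl, ipv4)] for the A records in the answer section
    _, _, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):  # skip the question section (name + QTYPE + QCLASS)
        off = parse_name(msg, off)[1] + 4
    records = []
    for _ in range(ancount):
        name, off = parse_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == 1 and rdlen == 4:  # A record
            records.append((name, ttl, ".".join(str(b) for b in rdata)))
    return records

# Constructed reply (not captured from a real resolver): flags 0x8180, one question, one A
# record whose owner is a pointer 0xC00C to offset 12, TTL 300, documentation address 192.0.2.1
SAMPLE_RESPONSE = (struct.pack(">HHHHHH", 0, 0x8180, 1, 1, 0, 0)
                   + encode_name("example.com") + struct.pack(">HH", 1, 1)
                   + struct.pack(">HHHIH", 0xC00C, 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
```

Calling `doh_get_url("https://dns.example/dns-query", build_query("example.com"))` yields the same `dns=AAABAAABAAAAAAAA…` shape as the request example in RFC 8484, and `parse_a_records(SAMPLE_RESPONSE)` walks the compressed answer back to `example.com.` with its TTL and address.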
 
Most users use the DNS servers provided by their ISP, though there are third-party providers such as Cloudflare’s 1.1.1.1, Google Public DNS and OpenDNS. It is these third-party providers that offer DoH. Note that DoH encrypts the query only on the path to the resolver; the resolver operator still sees every lookup, so the choice of provider matters.
 
This has drawn criticism from ISPs on the grounds that it may pose security risks. UK ISPs have called out Mozilla as an “internet villain”, and Comcast, one of America’s ISPs, was caught lobbying US lawmakers with misleading information in the hope of preventing DoH from being released. DoH would make it harder for ISPs to obtain user data for targeted advertising, and for authoritarian governments to carry out targeted censorship.
 
DoH is still an experimental service and is not enabled by default in browsers.
 
Here is how you can enable DoH on your browser:
 
Firefox:
Mozilla pioneered DoH together with Cloudflare. To change the setting, go to Options, then Network Settings, and click the Settings button. You will then get a window like the image below; near the bottom there is a check box for “Enable DNS over HTTPS”.
 

 
Chrome:
Chrome was the second browser to release DoH. To enable it, go to the following link:
 
chrome://flags/#dns-over-https
 
Click the drop down for “Secure DNS lookups” and select “Enabled”.
 

 
Edge:
This year Microsoft will release a new version of Edge built on Chromium. The Chromium-based Edge already has DoH support; to enable it, use the following link:
 
edge://flags/#dns-over-https
 
Click the drop down for “Secure DNS lookups” and select “Enabled”.
 

 
Additional browser support can be found in the original article.
 
Original article:
https://www.zdnet.com/article/dns-over-https-will-eventually-roll-out-in-all-major-browsers-despite-isp-opposition/