Tuts 4 You
Teddy Rogers

DNS over HTTPS

Teddy Rogers

DNS resolvers and queries (over HTTPS) seem to be a bit of a popular topic in the news of late. There are a number of reasons why people should be using DoH (or DoT): privacy, security, prevention against eavesdropping and man-in-the-middle attacks.

For those not familiar, and for those of you interested, there are ad-blocking DoH resolvers.

Below is a list of ad-blocking resolvers that I am currently aware of.

Obviously these will perform better or worse depending on where you are located geographically in the world.

My top three for performance are the first three in the list, the others are ranked in no preferential order.

https://adblock.mydns.network/dns-query - Anycast (Cloudflare) / DNSSEC / DDoS
https://dns.adguard.com/dns-query
https://doh.tiarap.org/dns-query - Malware / DNSSEC

https://ads-doh.securedns.eu/dns-query - DNSSEC
https://doh.dnswarden.com/adblock - DNSSEC
https://dns-nyc.aaflalo.me/dns-query
https://dns.aaflalo.me/dns-query - DNSSEC
https://doh.tiar.app/dns-query - Malware / DNSSEC
https://dns.oszx.co/dns-query - DNSSEC

If you know of some others out there please share them...

Ted.

 

whoknows

How exactly do I get this to work?

To use a hostname (vs. an IP), does the PC need a DoH proxy?

https://dnscrypt.info/implementations/

 

Non-DoH - famous adblock DNS proxies:

https://mayakron.altervista.org/wikibase/show.php?id=AcrylicHome

https://chrome.google.com/webstore/detail/domain-blocker/ggdcjplapccgoinblmidpkoocfafajfa

https://github.com/coredns/coredns

[adguard free] https://adguard.com/en/adguard-dns/overview.html

 

article - DNS-over-HTTPS (DoH) providers not classified as "Proxy & VPN" or similar

https://community.cleanbrowsing.org/topic/dns-over-https-doh-providers-not-classified-as-proxy-vpn-or-similar/

 

I found out that Chrome (>= Chrome 78) has an option

but where to put the hostname (?), an article writes

The only downside to this is that DoH is still relatively hard to configure manually in Chrome, for inexperienced users at least.

 chrome://flags/#dns-over-http

 

Using DNS over HTTPS (DoH) with OpenDNS

Note that Chrome looks for OpenDNS IP addresses specifically. This means if you're configured to use the IP address of a local DNS server or forwarder, Chrome will not upgrade to using DoH, even if that server forwards to OpenDNS.

https://support.opendns.com/hc/en-us/articles/360038086532-Using-DNS-over-HTTPS-DoH-with-OpenDNS

^advanced users can use command line to provide DoH server, has examples^

 

On the other hand, Firefox @ options > network > connection is ready to go

Moreover

https://www.howtogeek.com/660088/how-to-enable-dns-over-https-in-google-chrome

which provides a DoH online tester by Cloudflare
https://www.cloudflare.com/ssl/encrypted-sni/

 

Teddy Rogers

Simply DNSCrypt (on Windows) is likely to be the easiest to get DoH working for most people.

You could try using DoH at router level if there is support for it.

The next update of Windows 10 is purportedly to come with DoH support...

Ted.

whoknows

Cloudflare's 1.1.1.1 (KPMG audit)

https://www.bleepingcomputer.com/news/security/cloudflares-1111-dns-passes-privacy-audit-some-issues-found/

 
