Windows 10 will implement DNS DoH in version 21H1

I turn this off in Firefox as it tends to cause issues for me.

DoH did not really come out like they thought it would.



I shut it down in Opera and Chrome for the same reasons, total disaster and I will decide what DNS I use, not some developer who thinks he/she has a bright idea.
 
As DoH becomes more prevalent I guess there needs to be a list created of all the possible DoH server addresses so that they can be blocked by the router. Similar to the ad-block lists we use today.

I think there's only a few DoH providers at the moment (Cloudflare, Google, Quad9 and NextDNS are the ones that come to mind), but no doubt the number will grow. Does anyone know whether such a list is being compiled?
 
As DoH becomes more prevalent I guess there needs to be a list created of all the possible DoH server addresses so that they can be blocked by the router. Similar to the ad-block lists we use today.

I think there's only a few DoH providers at the moment (Cloudflare, Google, Quad9 and NextDNS are the ones that come to mind), but no doubt the number will grow. Does anyone know whether such a list is being compiled?
There's a reasonably comprehensive list here:
 
I guess the reason why Google wants this is so that they can hardcode their own servers (and bypass any system DNS settings), thereby know EVERYTHING you're doing.
 
I guess the reason why Google wants this is so that they can hardcode their own servers (and bypass any system DNS settings), thereby know EVERYTHING you're doing.
Well they already hard code their own DNS servers into Android OS so they don't want anybody else taking that information away from them.
 
I use DNS over TLS instead on my pfSense box along with a rule on it that redirects all DNS queries from client devices through Cloudflare’s IPv4/6 DNS primary/secondary servers. This way I also don’t need to worry about manually changing browser DoH settings. Firefox uses Cloudflare I believe. As for Chrome, it makes sense for Google to use their own service.
 
As for Chrome, it makes sense for Google to use their own service.

Chrome does give a choice of settings/providers.

[Attached image: Chrome-secure-DNS-settings.png]
 
Yes I am aware, but I don’t need to do any of that, the redirect rule on my firewall applies to all my clients. I meant it makes sense for Google to default to their own DNS servers on Chrome from a business perspective.
 
a rule on it that redirects all DNS queries from client devices through Cloudflare’s IPv4/6 DNS primary/secondary servers.
I do this as well with a pfSense rule that works for client DNS inquiries sent on the standard port 53. If the client is using DoH, that is encrypted at the client and goes out on port 443 along with all other encrypted web traffic so the router cannot redirect the DNS request. I really don't mind as the DNS inquiry is still encrypted and that is the whole point anyway.
 
Google uses port 853 for DNS over TLS and falls back to 53 without security if that fails, if I recall. Their DoH is 443.
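
The port distinction discussed in the posts above (53 for plain DNS, 853 for DoT, 443 for DoH), as an added example that is not part of the original thread: a Python sketch of what a router-side rule can and cannot tell apart. The resolver list is a small hand-picked sample and the flow records are constructed; both are assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: a small hand-picked sample of well-known public resolver
# addresses; a real deployment would load a maintained list instead.
KNOWN_DOH = [ipaddress.ip_network(n) for n in (
    "1.1.1.1/32", "1.0.0.1/32", "2606:4700:4700::1111/128",  # Cloudflare
    "8.8.8.8/32", "8.8.4.4/32",                              # Google
    "9.9.9.9/32", "149.112.112.112/32",                      # Quad9
)]

def classify(dst_ip, dst_port, proto):
    """Return what a router can tell about one outbound flow."""
    ip = ipaddress.ip_address(dst_ip)
    if dst_port == 53 and proto in ("udp", "tcp"):
        return "plain-dns"          # visible; a NAT rule can redirect it
    if dst_port == 853 and proto == "tcp":
        return "dot"                # encrypted, but has its own port
    if dst_port == 443 and any(ip in net for net in KNOWN_DOH):
        return "doh-listed"         # only recognisable by destination
    return "other"                  # includes DoH to unlisted resolvers

# Constructed sample flows (dst_ip, dst_port, proto); not real traffic.
# 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_FLOWS = [
    ("192.0.2.53", 53, "udp"),
    ("8.8.8.8", 853, "tcp"),
    ("1.1.1.1", 443, "tcp"),
    ("2606:4700:4700::1111", 443, "tcp"),
    ("198.51.100.7", 443, "tcp"),   # stands in for an unlisted DoH server
    ("9.9.9.9", 53, "udp"),
]

def summarise(flows):
    """Count flows per category."""
    return Counter(classify(*f) for f in flows)

if __name__ == "__main__":
    for label, count in sorted(summarise(SAMPLE_FLOWS).items()):
        print(f"{label:11} {count}")
```

The flow to 198.51.100.7 lands in "other": on port 443 a resolver that is not on the list looks like any other HTTPS destination, which is why the thread asks for a maintained list.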
 
Weird. Wasn't enabled on my browsers. Seems they default to system proxy? I use a VPN on most of my machines, otherwise Cloudflare with DNSSEC. But I plan on trying out Pi-hole with DNSCrypt. The Windows feature definitely sounds like limiting choices and purposely leaking data imo, especially if it defaults on.
 
