Windows 10 will implement DNS DoH in version 21H1


AndreiV

Very Senior Member
I turn this off in Firefox as it tends to cause issues for me.

DoH did not really come out like they thought it would.


I shut it down in Opera and Chrome for the same reasons: total disaster, and I will decide what DNS I use, not some developer who thinks he/she has a bright idea.
 

ColinTaylor

Part of the Furniture
As DoH becomes more prevalent I guess there needs to be a list created of all the possible DoH server addresses so that they can be blocked by the router. Similar to the ad-block lists we use today.

I think there's only a few DoH providers at the moment (Cloudflare, Google, Quad9 and NextDNS are the ones that come to mind), but no doubt the number will grow. Does anyone know whether such a list is being compiled?
 

dave14305

Part of the Furniture
As DoH becomes more prevalent I guess there needs to be a list created of all the possible DoH server addresses so that they can be blocked by the router. Similar to the ad-block lists we use today.

I think there's only a few DoH providers at the moment (Cloudflare, Google, Quad9 and NextDNS are the ones that come to mind), but no doubt the number will grow. Does anyone know whether such a list is being compiled?
There's a reasonably comprehensive list here:
 

Poul Bak

Occasional Visitor
I guess, the reason why Google wants this is so that they can hardcode their own servers (and bypass any system DNS settings), hereby know EVERYTHING you're doing.
 

ColinTaylor

Part of the Furniture
I guess, the reason why Google wants this is so that they can hardcode their own servers (and bypass any system DNS settings), hereby know EVERYTHING you're doing.
Well they already hard code their own DNS servers into Android OS so they don't want anybody else taking that information away from them.
 

avtella

Very Senior Member
I use DNS over TLS instead on my pfSense box, along with a rule on it that redirects all DNS queries from client devices through Cloudflare's IPv4/6 DNS primary/secondary servers. This way I also don't need to worry about manually changing browser DoH settings. Firefox uses Cloudflare, I believe. As for Chrome, it makes sense for Google to use their own service.
 

avtella

Very Senior Member
Yes, I am aware, but I don't need to do any of that; the redirect rule on my firewall applies to all my clients. I meant it makes sense for Google to default to their own DNS servers on Chrome from a business perspective.
 

jeff3820

Regular Contributor
a rule on it that redirects all DNS queries from client devices through Cloudflare's IPv4/6 DNS primary/secondary servers.
I do this as well with a pfSense rule that works for client DNS inquiries sent on the standard port 53. If the client is using DoH, that is encrypted at the client and goes out on port 443 along with all other encrypted web traffic, so the router cannot redirect the DNS request. I really don't mind, as the DNS inquiry is still encrypted and that is the whole point anyway.
 

avtella

Very Senior Member
Google uses port 853 for DNS over TLS and falls back to 53 without security if that fails, if I recall. Their DoH is on 443.
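The three mechanisms discussed above (the port-53 redirect that jeff3820 and avtella use, the DoT-on-853 / DoH-on-443 split avtella mentions, and the resolver blocklist ColinTaylor asks about) can be seen together by classifying outbound flows from a firewall log. The script below is an added example, not code from anyone in this thread or from pfSense; the log line format is made up for the example, the `DOH_RESOLVERS` table is a constructed stand-in for a maintained blocklist (the Cloudflare, Google and Quad9 addresses in it are their well-known public resolvers, used here only as illustrative entries), and `203.0.113.10` is a documentation-range address standing in for an ordinary HTTPS site.

```python
"""Classify outbound DNS-related flows from a firewall log (added example).

Shows which flows a port-53 redirect rule can catch, which a port-853 block
can catch, and which DoH flows on 443 are only identifiable by destination.
"""
import re
from collections import Counter

# Constructed blocklist: resolver IP -> provider. A real deployment would load
# this from a maintained DoH/DoT server list rather than hard-coding it.
DOH_RESOLVERS = {
    "1.1.1.1": "cloudflare",  # assumption: well-known public resolver address
    "1.0.0.1": "cloudflare",
    "8.8.8.8": "google",
    "8.8.4.4": "google",
    "9.9.9.9": "quad9",
}

# Hypothetical log format: "<timestamp> src=<ip> dst=<ip> proto=<tcp|udp> dport=<n>"
LOG_RE = re.compile(
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+proto=(?P<proto>tcp|udp)\s+dport=(?P<dport>\d+)"
)


def classify(line):
    """Return a category string for one log line, or None if it does not parse."""
    m = LOG_RE.search(line)
    if not m:
        return None
    dst, proto, dport = m["dst"], m["proto"], int(m["dport"])
    if dport == 53:
        # Plain DNS: a NAT/redirect rule on the router can steer this anywhere.
        return "plain-dns:redirectable"
    if dport == 853 and proto == "tcp":
        # DNS over TLS uses a dedicated port, so it can be blocked by port alone.
        return "dot:blockable-by-port"
    if dport == 443 and dst in DOH_RESOLVERS:
        # DoH shares 443 with all HTTPS; only the destination gives it away.
        return "doh-suspect:" + DOH_RESOLVERS[dst]
    if dport == 443:
        # Ordinary HTTPS (or DoH to a resolver not on the list): opaque to the router.
        return "https:opaque"
    return "other"


def summarize(lines):
    """Count categories over a list of log lines, skipping unparseable ones."""
    return Counter(c for c in map(classify, lines) if c is not None)


# Constructed sample log, not captured from a real network.
SAMPLE_LOG = [
    "2020-11-02T10:00:01 src=192.168.1.20 dst=192.168.1.1 proto=udp dport=53",
    "2020-11-02T10:00:02 src=192.168.1.21 dst=8.8.8.8 proto=udp dport=53",
    "2020-11-02T10:00:03 src=192.168.1.22 dst=1.1.1.1 proto=tcp dport=853",
    "2020-11-02T10:00:04 src=192.168.1.23 dst=1.1.1.1 proto=tcp dport=443",
    "2020-11-02T10:00:05 src=192.168.1.23 dst=203.0.113.10 proto=tcp dport=443",
    "garbage line that should be ignored",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line), "<-", line)
    print(summarize(SAMPLE_LOG))
```

The summary makes the thread's point concrete: the two port-53 flows are the only ones a redirect rule touches, the 853 flow can be dropped by port (which, per avtella's description, pushes a client back to port 53 where the redirect then applies), and the 443 flow to a listed resolver is visible only because its destination is on the list. The last 443 flow is indistinguishable from normal browsing, which is exactly why a router-side DoH blocklist has to be kept current.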
 

cooloutac

Senior Member
Weird. Wasn't enabled on my browsers. Seems they default to the system proxy? I use a VPN on most of my machines, otherwise Cloudflare with DNSSEC, but I plan on trying out Pi-hole with DNSCrypt. The Windows feature definitely sounds like limiting choices and purposely leaking data imo, especially if it defaults on.
 
