DoH support is already built into all major browsers. Users only need to enable and configure it.
All six major browser makers plan to support the DNS over HTTPS (DoH) protocol, which encrypts DNS traffic and helps increase user privacy on the network.
This protocol is one of the most discussed topics of this year. It allows the browser to hide DNS queries and responses inside what looks, at first glance, like normal HTTPS traffic.
This makes the user's DNS traffic invisible to third-party network observers, such as providers. However, while users adore DoH and consider it a boon to privacy, cybersecurity providers and manufacturers hate it.
A British provider called Mozilla "an Internet villain" for the company's DoH implementation plans, and a group of Comcast lobbyists were convicted of preparing a document on DoH that they plan to submit to British lawmakers, hoping to prevent a wider distribution of the protocol.
However, it may already be too late. Over the course of the week, the editors contacted the makers of the major web browsers to find out about their future plans for DoH, and they all plan to implement the protocol in one form or another.
How to enable DoH in any browser
Here's what we know today about the plans of browser makers related to DoH, and how users can enable DoH in any browser.
Brave
“We really want to implement it,” Tom Lowenthal, product manager for Privacy & Security at Brave, told us.
However, the Brave team does not yet have an exact timeline for implementing DoH. They are working on other privacy improvements. For example, this week the company released an update that improves the recognition of scripts that track user actions. Brave 1.0 is looming on the horizon, and the team needs to concentrate on its release. But DoH will come to Brave.
“DoH implementation is much more than a simple technical task. We need to decide what reasonable and protective settings we can enable by default for most people who don’t think about setting up DNS - but so that we don’t break anything from those people and organizations that have carefully approached the adjustment of their programs,” Lowenthal said.
Since Brave is based on the open Chromium project, it has DoH support. However, the team has not yet configured this support. It is in the code, but it works the way the Google Chrome team designed it. You can enable DoH in Brave by going to the following URL:
brave://flags/#dns-over-https
Chrome
Google Chrome became the second browser after Firefox to add DoH support. You can enable it by going to the following URL:
chrome://flags/#dns-over-https
By default, DoH is not enabled for everyone. Google is currently conducting a limited experiment with a small number of users to test how DoH will perform in real use.
Chrome's DoH support is different from that of Firefox, which by default redirects DoH traffic to Cloudflare. After the protocol is enabled, Chrome will send DNS queries to the same servers as before. If the selected server has a DoH-capable interface, then Chrome will encrypt the DNS traffic and send it to the same DNS server using the DoH protocol.
As a result, Chrome does not override the DNS settings of the OS. This is a very responsible approach, since the browser can be used in large enterprises.
Currently, DoH in Chrome works like this:
- The user enters the site URL in the browser.
- Chrome reads the DNS server configured in the OS.
- It checks whether this server is on the whitelist of approved DoH-enabled servers.
- If so, Chrome sends an encrypted DNS query to the interface of this server.
- If not, Chrome sends a regular DNS query to this server.
As a result, the user may end up not using DoH at all. The user's OS usually receives its DNS settings from an upstream network authority, which is usually the provider. If the provider does not want to use DNS with DoH support, then DoH will not work for you.
However, there are two ways to get around this and force Chrome to use DoH all the time, regardless of your ISP’s DNS settings.
First, you can follow the tutorial on how to enforce DoH support in Chrome. Second, the user can configure a DoH-enabled DNS server in their OS. You can select one from the list, and this is guaranteed to work in Chrome.
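The upgrade decision from the Chrome steps listed above, sketched as an added example (not Chrome's code and not from the original article). It goes slightly beyond the text by also building the RFC 8484 GET request, so you can see what is visible on the wire in each case. The function names, the two allowlist entries and the ISP resolver address are assumptions chosen for illustration.

```python
import base64
import struct

# Constructed sample of a resolver allowlist: plaintext resolver IP -> DoH endpoint
# of the same provider. Chrome's real list is longer and is not reproduced here.
DOH_ALLOWLIST = {
    "1.1.1.1": "https://cloudflare-dns.com/dns-query",
    "8.8.8.8": "https://dns.google/dns-query",
}

def build_query(hostname, qtype=1):
    """Encode a DNS question (default type A) in wire format."""
    # Header: ID 0 (RFC 8484 recommends 0 for HTTP caching), RD flag set, 1 question.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in hostname.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def plan_lookup(hostname, os_resolver):
    """Return how the lookup leaves the machine for a given OS resolver."""
    wire = build_query(hostname)
    endpoint = DOH_ALLOWLIST.get(os_resolver)
    if endpoint is None:
        # Not on the list: ordinary DNS, readable by anyone on the path.
        return {"transport": "udp/53", "server": os_resolver,
                "encrypted": False, "payload": wire}
    # On the list: same provider, but the query travels as an HTTPS GET (RFC 8484),
    # base64url-encoded without padding in the "dns" parameter.
    dns_param = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return {"transport": "https/443", "server": endpoint,
            "encrypted": True, "url": f"{endpoint}?dns={dns_param}"}

if __name__ == "__main__":
    # 192.0.2.53 is a constructed stand-in for an ISP resolver without DoH.
    for resolver in ("1.1.1.1", "192.0.2.53"):
        print(resolver, plan_lookup("www.example.com", resolver))
```

For the resolver that is not on the list, the hostname sits in clear text inside the UDP payload, which is exactly the case the paragraph above warns about.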
Edge
Microsoft plans to release a new version of the Edge browser based on Chromium code next year. A Microsoft representative told us that the company supports DoH, but does not disclose exact plans. However, the Chromium-based Edge version already supports DoH. You can enable it by going to the URL:
edge://flags/#dns-over-https
This will enable DoH support, but it will only work if your computer uses DoH-enabled DNS, which does not happen in 99% of cases. To force DoH in Edge, you can use the instructions from the following blog post by one of the Edge programmers. The Cloudflare server address can be replaced with any other DoH server that you can select from the link. After proper configuration, Edge is able to work with DoH.
Firefox
Mozilla pioneered this protocol with Cloudflare. DoH support is already available in stable versions of Firefox. It can be enabled in the settings in the "Network Settings" section.
Everyone criticizes the DoH implementation in Firefox because the browser uses Cloudflare by default, overriding the DNS settings.
However, this value can be changed by specifying any DoH server. Of all browsers, Firefox has the best protocol support and the easiest setup, mainly because its developers have been working on it longer than the others.
The browser already enables DoH by default for all US users. Since the British government objects to this, DoH will not be enabled by default for British users.
In the past, Mozilla did not guarantee that DoH would be enabled by default in other countries. However, since protocol support is already in the stable version of the browser, the user only needs to enable it and everything will work.
Opera
Opera has already built in DoH support. By default, it is turned off, but it can be turned on at any time, and everything will work without additional steps.
Opera developers use a module for working with DoH similar to the one used in Firefox, and do not leave everything to providers, as Chrome does. All of the browser's DNS traffic now goes through Cloudflare's 1.1.1.1 resolver.
We did not find a way to change it to another resolver, but at least DoH in Opera works. However, it will not work with the VPN: if you need DoH, you have to disable the VPN.
To enable DoH in Opera, go here:
opera://flags/opera-doh
Safari
There is no data. Safari developers are usually late to the party when it comes to adding new features, and Apple has recently invested in user privacy, so there is every chance that Safari will have DoH support.
Vivaldi
A Vivaldi spokesman said that DoH support depends on Chrome's implementation. Users can enable it by going to the following URL:
vivaldi://flags/#dns-over-https
However, since DoH in Vivaldi works the same as in Chrome, it will not encrypt DNS queries if the DNS server specified in the OS does not support encryption.
Most likely, for this function to work in Vivaldi you will have to add one of the DoH-supporting servers to your OS’s DNS settings and keep using it. We were able to achieve this by entering the DNS server 1.1.1.1 in the settings.
A Vivaldi spokesman said that future DoH support in the browser may change, depending on how Google changes the protocol support in Chromium.