
SoylentNews is people

posted by Fnord666 on Monday July 08 2019, @10:23AM
from the Homer-Simpson-Approved dept.

How to Enable DNS-Over-HTTPS (DoH) in Firefox:

The DNS-over-HTTPS [(DoH)] protocol works by taking a domain name that a user has typed in their browser and sending a query to a DNS server to learn the numerical IP address of the web server that hosts that specific site.

This is how normal DNS works, too. However, DoH takes the DNS query and sends it to a DoH-compatible DNS server (resolver) via an encrypted HTTPS connection on port 443, rather than plaintext on port 53.

This way, DoH hides DNS queries inside regular HTTPS traffic, so third-party observers won't be able to sniff traffic and tell what DNS queries users have run and infer what websites they are about to access.

Further, a secondary feature of DNS-over-HTTPS is that the protocol works at the app level. Apps can come with internally hardcoded lists of DoH-compatible DNS resolvers where they can send DoH queries.

This mode of operation bypasses the default DNS settings that exist at the OS level, which, in most cases, are the ones set by local internet service providers (ISPs).

This also means that apps that support DoH can effectively bypass local ISPs' traffic filters and access content that may be blocked by a local telco or local government -- and a reason why DoH is currently hailed as a boon for users' privacy and security.

[...] The below step-by-step guide will show Firefox users in the UK and Firefox users all over the world how to enable the feature right now, and not wait until Mozilla enables it later down the road -- if it will ever do. There are two methods of enabling DoH support in Firefox.

The fine article then presents step-by-step instructions on two methods to enable DoH in Firefox, as well as an explanation of what the various setting values mean.
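
The query path described in the summary, as an added example that is not part of the article or the submission: it builds the same DNS wire-format question that would go out on port 53, wraps it in the two HTTP request shapes defined by the DoH specification (RFC 8484), and decodes it again as the resolver would. The endpoint `https://doh.example/dns-query` and all function names are assumptions made for illustration.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

# Assumption: placeholder resolver endpoint, not one named in the article.
DOH_ENDPOINT = "https://doh.example/dns-query"


def build_query(name, qtype=1):
    """Encode a single-question DNS query in the wire format also used on port 53."""
    # ID 0 (RFC 8484 suggests 0 so HTTP caches can match requests), RD flag set.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").encode("idna").split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def doh_requests(message, endpoint=DOH_ENDPOINT):
    """Return the GET and POST request shapes RFC 8484 defines for one DNS message."""
    b64 = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    get = {"method": "GET", "url": f"{endpoint}?dns={b64}",
           "headers": {"Accept": "application/dns-message"}}
    post = {"method": "POST", "url": endpoint, "body": message,
            "headers": {"Content-Type": "application/dns-message",
                        "Accept": "application/dns-message"}}
    return get, post


def resolver_decode(url):
    """Resolver side: recover (name, qtype) from the GET form's dns parameter."""
    b64 = parse_qs(urlsplit(url).query)["dns"][0]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    labels, pos = [], 12  # question section starts after the 12-byte header
    while raw[pos]:
        length = raw[pos]
        labels.append(raw[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", raw[pos + 1:pos + 5])
    return ".".join(labels), qtype


if __name__ == "__main__":
    query = build_query("www.example.com")
    get, post = doh_requests(query)
    print(get["url"])
    print(resolver_decode(get["url"]))
    # An on-path observer sees only a TLS session to the resolver's port 443;
    # the URL, headers and body above all travel inside that encrypted stream.
```

The name being looked up is visible to the DoH resolver exactly as it would be to a port-53 resolver; only the path between client and resolver is hidden.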



 
This discussion has been archived. No new comments can be posted.
  • (Score: 5, Insightful) by BsAtHome on Monday July 08 2019, @11:24AM (3 children)

    by BsAtHome (889) on Monday July 08 2019, @11:24AM (#864415)

    > Further, a secondary feature of DNS-over-HTTPS is that the protocol works at the app level. Apps can come with internally hardcoded lists of DoH-compatible DNS resolvers where they can send DoH queries.

    This is actually a problem. The system settings should always be the master in configuration. Especially for something as important as low-level network services. I have nothing against DNS-over-HTTPS, but I want to be in control. I have my own local-network-wide DNS resolver and do not want applications to bypass it. How else do I get rid of farcebook that easily?

    In-app service dependencies are not only a hell to manage, they pose a real threat to transparency and configurability of the network-stack. Remember how Windows prevents the hosts file from blocking MS' target domains? Hidden configs are a real pain. And then, after someone finds a way to hack the app, it will all end in tears. If we want DNS over HTTPS, then it should be transparently and openly managed by the system, where the sysadmin can do the proper configuration.

  • (Score: 1, Interesting) by Anonymous Coward on Monday July 08 2019, @12:25PM

    by Anonymous Coward on Monday July 08 2019, @12:25PM (#864433)

    Lots of apps have already started hard coding the DNS servers they use. Google in particular is bad about this... it keeps you from ad filtering via something like a pi-hole and it lets them know every site you're looking at. You can fix that on your router, only given you know how and that you have access to it.
    If this takes off they could just serve the requests from the same IPs as search and you won't be able to block it.

  • (Score: 4, Insightful) by c0lo on Monday July 08 2019, @01:00PM

    by c0lo (156) Subscriber Badge on Monday July 08 2019, @01:00PM (#864451) Journal

    > This is actually a problem.

    For you, not for faecebook

    > How else do I get rid of farcebook that easily?

    You can't. Problem solved (well, faecebook's problem solved), you only count as a consumer that must act as a source of profit.

    (grinning off)

    ---

    > If we want DNS over HTTPS, then it should be transparently and openly managed by the system, where the sysadmin can do the proper configuration.

    Add to this a scenario involving "great firewall of [social_media_name]" - in which links to outside-Faecebook-pages posted by the "user" inside Faecebook pages are censored or redirected; and the same way for Amazon. And the same way for Disney vs. Netflix.

    On the second thought... mmm... that's not a bug, that's a feature. Yeap, full steam ahead boys, the sane smaller players can't afford playing MAD games so they won't play nasty (except for the phishers)

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
  • (Score: 2) by darkfeline on Tuesday July 09 2019, @03:16AM

    by darkfeline (1030) on Tuesday July 09 2019, @03:16AM (#864841) Homepage

    DNS is and was ALWAYS an application level protocol. Go dig up the ol' OSI chart. Where does DNS sit? Level 7, Application Layer.

    The OS MAY provide name resolution as a convenience. The OS MAY provide an application configuration service as a convenience (Windows registry, anyone?). But applications have always had free rein to do whatever the hell they wanted.

    --
    Join the SDF Public Access UNIX System today!