SoylentNews is people

posted by Fnord666 on Monday July 08 2019, @10:23AM
from the Homer-Simpson-Approved dept.

How to Enable DNS-Over-HTTPS (DoH) in Firefox:

The DNS-over-HTTPS [(DoH)] protocol works by taking a domain name that a user has typed in their browser and sending a query to a DNS server to learn the numerical IP address of the web server that hosts that specific site.

This is how normal DNS works, too. However, DoH takes the DNS query and sends it to a DoH-compatible DNS server (resolver) via an encrypted HTTPS connection on port 443, rather than plaintext on port 53.

This way, DoH hides DNS queries inside regular HTTPS traffic, so third-party observers won't be able to sniff traffic and tell what DNS queries users have run and infer what websites they are about to access.

Further, a secondary feature of DNS-over-HTTPS is that the protocol works at the app level. Apps can come with internally hardcoded lists of DoH-compatible DNS resolvers where they can send DoH queries.

This mode of operation bypasses the default DNS settings that exist at the OS level, which, in most cases, are the ones set by local internet service providers (ISPs).

This also means that apps that support DoH can effectively bypass local ISPs' traffic filters and access content that may be blocked by a local telco or local government -- and a reason why DoH is currently hailed as a boon for users' privacy and security.

[...] The below step-by-step guide will show Firefox users in the UK and Firefox users all over the world how to enable the feature right now, and not wait until Mozilla enables it later down the road -- if it will ever do. There are two methods of enabling DoH support in Firefox.

The fine article then presents step-by-step instructions on two methods to enable DoH in Firefox, as well as an explanation of what the various setting values mean.


  • (Score: 0) by Anonymous Coward on Monday July 08 2019, @03:19PM (#864521)

    you are wrong, alas. this is/was a hack, not a crack (because evil), to quickly satisfy the people making by selling ads on behalf of ... well others.
    muchos grandos monies is involved and if it involves turning the intertubes into sewage pipes it WILL happen!
    with dnsoverhttps all simple solutions of blackholing (better yet, rejecting) domains serving ads have become null and void.
    with doh, the intertubes turned into an all you can eat buffet for ad companies, disguised as "freedom for all, no more blocked domains".
    the real, main and singular motive is making ad-blocking impossible...
    what we need now is a daemon that autoupdates all (known) doh servers xor registers the first lookup of the doh server, then redirects all further requests to that/those ip ranges to a local doh server we can control AND STILL BLACKHOLE/REJECT certain domains.
    as far as i can tell, the doh servers in the app are still "name.dohserver.fecease.net" and not a hard ip, thus the first lookup/resolve is still regular dns to get the ip address of "dohserver". this should trigger a redirect rule of the firewall for ip.address.dohserver to an ip of a local doh server? nevermind the broken cert. let the user know ...