https://www.theregister.co.uk/2019/09/10/chrome_78_dnsoverhttps/
Only days after Mozilla said it plans to make DNS-over-HTTPS (DoH) available by default gradually for Firefox users in the US, Google announced its intention to test DoH in Chrome 78, due for beta release in the next two weeks.
DoH wraps domain-name queries in a secure, encrypted HTTPS connection to a DNS server, rather than firing off requests using bog-standard plain-text insecure DNS, thereby keeping queries inaccessible to eavesdroppers. It's one of several emerging internet protocols intended to close security and privacy gaps in online communications.
Google's experiment will involve checking whether Chrome 78 users' DNS provider is among six services selected for their readiness to test DoH – Cleanbrowsing, Cloudflare, DNS.SB, Google, OpenDNS and Quad9. And if so, Chrome will switch from standard DNS to DoH using the same service provider, at least for those lucky few in the experimental group.
Google is thus avoiding one of the concerns raised by Mozilla's approach, forcing Firefox users to change their chosen DNS provider for Cloudflare. In so doing, Google ensures that malware screening and parental filtering capabilities offered by DNS providers will continue to function, if possible under DoH.
(Score: 2) by corey on Friday September 13 2019, @09:54PM
Is this from Android or Chrome, or chrome on Android? Love to know more details.
How are you redirecting DNS queries? A la transparent squid.
I have set up DNSSEC and DNS over TLS on my unbound server, works well except higher latency as I'm not using my ISP DNS server.
On another note, I just installed Blokada on my android phone, it's been picking up heaps of connections to the likes of mtalk.google.com, alt1-mtalk.google.com, play.googleapis.com, android.clients.google.com and heaps more. Over and over every minute or less.