MozillaZine

DNS over HTTPS

User Help for Mozilla Firefox
sandeep108
 
Posts: 211
Joined: February 19th, 2005, 3:19 am

Post Posted September 30th, 2019, 11:25 pm

I have enabled DNS over HTTPS using the default Cloudflare DNS server. Everything seems to be working fine. I wish to know whether only the url I type in the address bar goes through the DNS/HTTPS or whether any url accessed either through the homepage, Google search or other links also use the DNS over HTTPS as per my settings. To reiterate, when I click any link in FF will it go through Cloudflare or only the urls I type in the address bar. What about using autocomplete in the address bar?

jscher2000

User avatar
 
Posts: 10715
Joined: December 19th, 2004, 12:26 am
Location: Silicon Valley, CA USA

Post Posted October 1st, 2019, 8:27 am

DNS is the system that matches host names (like forums.mozillazine.org) to IP addresses, which are used for routing traffic on the internet. Usually Firefox asks your OS to do the lookup, and your OS asks your network provider.

DNS over HTTPS changes how Firefox looks up the IP addresses corresponding to host names you want to visit. In most cases, instead of your local network provider seeing the host name you want to visit, it is sent in an encrypted tunnel to Cloudflare.

Every host name lookup should be resolved to an address the same way, regardless of how you access it.

HOWEVER!! IMPORTANT!!

DNS resolution occurs BEFORE the page request is sent to the destination web server. DNS over HTTPS doesn't change how page requests are sent AT ALL.

If you want to shield your requests from your network service provider(s), you will need other tools such as a VPN.

Brummelchen
 
Posts: 4530
Joined: March 19th, 2005, 10:51 am

Post Posted October 1st, 2019, 10:34 am


sandeep108
 
Posts: 211
Joined: February 19th, 2005, 3:19 am

Post Posted October 2nd, 2019, 12:27 am

jscher2000 wrote:Every host name lookup should be resolved to an address the same way, regardless of how you access it.

Thanks for your very concise response. Does the DoH also occur when going to websites/webpages using links on any webpage?

jscher2000 wrote:HOWEVER!! IMPORTANT!!

DNS resolution occurs BEFORE the page request is sent to the destination web server. DNS over HTTPS doesn't change how page requests are sent AT ALL.

If you want to shield your requests from your network service provider(s), you will need other tools such as a VPN.


I really don't need a VPN and if I do not, probably DoH is not really required either - seems a halfway solution, while adding risks relating to Cloudflare

jscher2000

User avatar
 
Posts: 10715
Joined: December 19th, 2004, 12:26 am
Location: Silicon Valley, CA USA

Post Posted October 2nd, 2019, 1:54 pm

sandeep108 wrote:
jscher2000 wrote:Every host name lookup should be resolved to an address the same way, regardless of how you access it.

Thanks for your very concise response. Does the DoH also occur when going to websites/webpages using links on any webpage?


Yes, because the first step in connecting is to look up the address. So DoH applies to those lookups, too.

sandeep108 wrote:
jscher2000 wrote:HOWEVER!! IMPORTANT!!

DNS resolution occurs BEFORE the page request is sent to the destination web server. DNS over HTTPS doesn't change how page requests are sent AT ALL.

If you want to shield your requests from your network service provider(s), you will need other tools such as a VPN.


I really don't need a VPN and if I do not, probably DoH is not really required either - seems a halfway solution, while adding risks relating to Cloudflare


You don't need a VPN because you don't care if your service provider knows what sites you visit? In that case, you probably do not need DoH either because it is intended to shield that same exact information.

You might feel differently about that choice on different networks (home versus work versus airport vs café), so it's nice to have the option.

sandeep108
 
Posts: 211
Joined: February 19th, 2005, 3:19 am

Post Posted October 3rd, 2019, 1:39 am

jscher2000 wrote:You might feel differently about that choice on different networks (home versus work versus airport vs café), so it's nice to have the option.

Thanks again for your prompt response. Yes I am not bothered about my ISP as such, but yes of course public networks are another matter. So on balance DoH is better off enabled as advised as it may be difficult to remember to keep enabling/disabling.

Grumpus

User avatar
 
Posts: 12208
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Post Posted October 7th, 2019, 5:19 am

Add these to your reading DoH over https
. . . and this DoH over https 2
Cashless society sacrifices independence, privacy and lastly liberty, encouraged by ignorance and villainy.

Return to Firefox Support


Who is online

Users browsing this forum: No registered users and 12 guests