DNS over HTTPS

[sandeep108]

I have enabled DNS over HTTPS using the default Cloudflare DNS server. Everything seems to be working fine. I wish to know whether only the url I type in the address bar goes through the DNS/HTTPS or whether any url accessed either through the homepage, Google search or other links also use the DNS over HTTPS as per my settings. To reiterate, when I click any link in FF will it go through Cloudflare or only the urls I type in the address bar. What about using autocomplete in the address bar?

[jscher2000]

DNS is the system that matches host names (like forums.mozillazine.org) to IP addresses, which are used for routing traffic on the internet. Usually Firefox asks your OS to do the lookup, and your OS asks your network provider.

DNS over HTTPS changes how Firefox looks up the IP addresses corresponding to host names you want to visit. In most cases, instead of your local network provider seeing the host name you want to visit, it is sent in an encrypted tunnel to Cloudflare.

Every host name lookup should be resolved to an address the same way, regardless of how you access it.

HOWEVER!! IMPORTANT!!

DNS resolution occurs BEFORE the page request is sent to the destination web server. DNS over HTTPS doesn't change how page requests are sent AT ALL.

If you want to shield your requests from your network service provider(s), you will need other tools such as a VPN.

[Brummelchen]

all about DoH
https://support.mozilla.org/en-US/kb/fi ... over-https

about:config?filter=trr

https://wiki.mozilla.org/Trusted_Recursive_Resolver

if you dont trust CF
https://www.quad9.net/doh-quad9-dns-servers/

[sandeep108]

Every host name lookup should be resolved to an address the same way, regardless of how you access it.

Thanks for your very concise response. Does the DoH also occur when going to websites/webpages using links on any webpage?

HOWEVER!! IMPORTANT!!

DNS resolution occurs BEFORE the page request is sent to the destination web server. DNS over HTTPS doesn't change how page requests are sent AT ALL.

If you want to shield your requests from your network service provider(s), you will need other tools such as a VPN.

I really don't need a VPN and if I do not, probably DoH is not really required either - seems a halfway solution, while adding risks relating to Cloudflare

[jscher2000]

Every host name lookup should be resolved to an address the same way, regardless of how you access it.

Thanks for your very concise response. Does the DoH also occur when going to websites/webpages using links on any webpage?

Yes, because the first step in connecting is to look up the address. So DoH applies to those lookups, too.

HOWEVER!! IMPORTANT!!

DNS resolution occurs BEFORE the page request is sent to the destination web server. DNS over HTTPS doesn't change how page requests are sent AT ALL.

If you want to shield your requests from your network service provider(s), you will need other tools such as a VPN.

I really don't need a VPN and if I do not, probably DoH is not really required either - seems a halfway solution, while adding risks relating to Cloudflare

You don't need a VPN because you don't care if your service provider knows what sites you visit? In that case, you probably do not need DoH either because it is intended to shield that same exact information.

You might feel differently about that choice on different networks (home versus work versus airport vs café), so it's nice to have the option.

[sandeep108]

You might feel differently about that choice on different networks (home versus work versus airport vs café), so it's nice to have the option.

Thanks again for your prompt response. Yes I am not bothered about my ISP as such, but yes of course public networks are another matter. So on balance DoH is better off enabled as advised as it may be difficult to remember to keep enabling/disabling.

[Grumpus]

Add these to your reading DoH over https
. . . and this DoH over https 2