DNS over HTTPS
-
- Posts: 212
- Joined: February 19th, 2005, 3:19 am
DNS over HTTPS
I have enabled DNS over HTTPS using the default Cloudflare DNS server. Everything seems to be working fine. I wish to know whether only the URL I type in the address bar goes through the DNS/HTTPS or whether any URL accessed either through the homepage, Google search or other links also uses the DNS over HTTPS as per my settings. To reiterate, when I click any link in FF will it go through Cloudflare or only the URLs I type in the address bar? What about using autocomplete in the address bar?
- jscher2000
- Posts: 11772
- Joined: December 19th, 2004, 12:26 am
- Location: Silicon Valley, CA USA
- Contact:
Re: DNS over HTTPS
DNS is the system that matches host names (like forums.mozillazine.org) to IP addresses, which are used for routing traffic on the internet. Usually Firefox asks your OS to do the lookup, and your OS asks your network provider.
DNS over HTTPS changes how Firefox looks up the IP addresses corresponding to host names you want to visit. In most cases, instead of your local network provider seeing the host name you want to visit, it is sent in an encrypted tunnel to Cloudflare.
Every host name lookup should be resolved to an address the same way, regardless of how you access it.
HOWEVER!! IMPORTANT!!
DNS resolution occurs BEFORE the page request is sent to the destination web server. DNS over HTTPS doesn't change how page requests are sent AT ALL.
If you want to shield your requests from your network service provider(s), you will need other tools such as a VPN.
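The lookup step described in the post above, as an added example that is not part of the original thread: it builds the RFC 8484 DoH GET request a client would send before loading a page and decodes what the resolver can read from it. The endpoint URL and the sample page URLs are assumptions chosen for illustration.

```python
import base64
import struct
from urllib.parse import urlsplit

# Assumed endpoint for illustration; Firefox takes its resolver from network.trr.uri.
DOH_ENDPOINT = "https://cloudflare-dns.com/dns-query"

def build_query(hostname, qtype=1):
    """Encode a DNS question (RFC 1035 wire format); qtype 1 = A record."""
    # ID 0 (as RFC 8484 suggests for caching), RD flag set, exactly one question.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label
        for label in hostname.rstrip(".").encode("idna").split(b".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_url(page_url):
    """Return the DoH GET URL a client would request before loading page_url."""
    host = urlsplit(page_url).hostname  # path and query string are discarded here
    dns_param = base64.urlsafe_b64encode(build_query(host)).rstrip(b"=").decode()
    return f"{DOH_ENDPOINT}?dns={dns_param}"

def decode_question(doh_url):
    """Recover the host name carried in a DoH GET URL (what the resolver sees)."""
    b64 = urlsplit(doh_url).query.split("dns=", 1)[1]
    msg = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    labels, pos = [], 12  # question section starts after the 12-byte header
    while msg[pos]:
        labels.append(msg[pos + 1 : pos + 1 + msg[pos]].decode("ascii"))
        pos += 1 + msg[pos]
    return ".".join(labels)

if __name__ == "__main__":
    # Constructed sample URLs: typed, clicked or autocompleted, the lookup is the same.
    for url in ("https://forums.mozillazine.org/viewtopic.php?t=1",
                "https://forums.mozillazine.org/index.php"):
        print(url, "->", decode_question(doh_get_url(url)))
```

Both sample pages produce the identical lookup, and only the host name is in it; the page request that follows goes to the site itself and is not part of the DoH exchange.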
-
- Posts: 4480
- Joined: March 19th, 2005, 10:51 am
Re: DNS over HTTPS
all about DoH
https://support.mozilla.org/en-US/kb/fi ... over-https
about:config?filter=trr
https://wiki.mozilla.org/Trusted_Recursive_Resolver
if you don't trust CF
https://www.quad9.net/doh-quad9-dns-servers/
-
- Posts: 212
- Joined: February 19th, 2005, 3:19 am
Re: DNS over HTTPS
jscher2000 wrote: Every host name lookup should be resolved to an address the same way, regardless of how you access it.
Thanks for your very concise response. Does the DoH also occur when going to websites/webpages using links on any webpage?
jscher2000 wrote: HOWEVER!! IMPORTANT!! DNS resolution occurs BEFORE the page request is sent to the destination web server. DNS over HTTPS doesn't change how page requests are sent AT ALL. If you want to shield your requests from your network service provider(s), you will need other tools such as a VPN.
I really don't need a VPN and if I do not, probably DoH is not really required either - seems a halfway solution, while adding risks relating to Cloudflare
- jscher2000
- Posts: 11772
- Joined: December 19th, 2004, 12:26 am
- Location: Silicon Valley, CA USA
- Contact:
Re: DNS over HTTPS
jscher2000 wrote: Every host name lookup should be resolved to an address the same way, regardless of how you access it.
sandeep108 wrote: Thanks for your very concise response. Does the DoH also occur when going to websites/webpages using links on any webpage?
Yes, because the first step in connecting is to look up the address. So DoH applies to those lookups, too.
jscher2000 wrote: HOWEVER!! IMPORTANT!! DNS resolution occurs BEFORE the page request is sent to the destination web server. DNS over HTTPS doesn't change how page requests are sent AT ALL. If you want to shield your requests from your network service provider(s), you will need other tools such as a VPN.
sandeep108 wrote: I really don't need a VPN and if I do not, probably DoH is not really required either - seems a halfway solution, while adding risks relating to Cloudflare
You don't need a VPN because you don't care if your service provider knows what sites you visit? In that case, you probably do not need DoH either because it is intended to shield that same exact information.
You might feel differently about that choice on different networks (home versus work versus airport vs café), so it's nice to have the option.
-
- Posts: 212
- Joined: February 19th, 2005, 3:19 am
Re: DNS over HTTPS
jscher2000 wrote: You might feel differently about that choice on different networks (home versus work versus airport vs café), so it's nice to have the option.
Thanks again for your prompt response. Yes I am not bothered about my ISP as such, but yes of course public networks are another matter. So on balance DoH is better off enabled as advised as it may be difficult to remember to keep enabling/disabling.
- Grumpus
- Posts: 13246
- Joined: October 19th, 2007, 4:23 am
- Location: ... Da' Swamp
Re: DNS over HTTPS
Doesn't matter what you say, it's wrong for a toaster to walk around the house and talk to you