Are you using DNS over HTTPS?

  • Yes

    Votes: 15 50.0%
  • No

    Votes: 5 16.7%
  • Yes with Encrypted SNI

    Votes: 10 33.3%
  • Total voters
    30
  • Poll closed .

JoyousBudweiser

Level 9
Verified
Now that windows and most browsers supports dns over https how many of you are using dns over https? If you are using firefox you can enable Encrypted SNI by using this guide
  1. In your browser, navigate to about:config;
    [*]Type network.security.esni.enabled
    [*]Select the toggle button to the right of false to true
If you want to check whether you are using secure dns, DNSSEC, TLS 1.3 and Encrypted SNI you can visit Cloudflare ESNI Checker | Cloudflare and test your browser accordingly.

My test on firefox....
Untitled-1.jpg
 
Last edited:

cliffspab

Level 3
It works for all DoH supported DNS but that website only shows secure DNS status for Cloudflare DNS because it's owned by Cloudflare 😒

Ah sorry, I didn't see the bit about Firefox at the top

I was just referring to the website, which is only useful if you choose cloudflare.

NextDNS, which I use, also confirms via their dashboard whether you're set up right.
 

SeriousHoax

Level 32
Verified
Encrypted sni feature only works with firefox and with cloudflare dns as this is a standard pioneerd by cloudflare.
Hmm I know about that as I use Firefox myself. But the first one on that list Secure DNS is not related to ESNI and only shows secured if you use Cloudflare.
Ah sorry, I didn't see the bit about Firefox at the top

I was just referring to the website, which is only useful if you choose cloudflare.

NextDNS, which I use, also confirms via their dashboard whether you're set up right.
Right. But there needs to be another website where everyone can check their DoH/DOT status regardless of the provider.
 

JoyousBudweiser

Level 9
Verified
But there needs to be another website where everyone can check their DoH/DOT status regardless of the provider.
Ya I feel too. Are there nothing? Strange!
A self check can be done if you are using windows 10 by observing traffic at Port 53.
 
Last edited:

SeriousHoax

Level 32
Verified
Ya I feel too. Are there nothing? Strange!
A self check can be done if you are using windows 10 by observing traffic at Port 53.
I saw this article few days ago when searching for something alternative to the cloudflare testing website. But this method works for system wide DoH only. It's not possible to check it on browser level. MS has implemented DoH on insider preview and there are tools like SimpleDnsCrypt for easily implementing DoH system wide so the method above would work in those scenarios.
 

TairikuOkami

Level 29
Verified
Content Creator
Ya I feel too. Are there nothing? Strange!
I guess, that is the general idea, if it is secured, it can not be checked, that would be like MITM. Tenta test can show, if DoT is enabled and that is about it.
I can check, if DNS requests are being sent via the expected port and hope, that it is encrypted. :)
 

Attachments

  • capture_06012020_185241.jpg
    capture_06012020_185241.jpg
    277.7 KB · Views: 82

JoyousBudweiser

Level 9
Verified
I saw this article few days ago when searching for something alternative to the cloudflare testing website. But this method works for system wide DoH only. It's not possible to check it on browser level. MS has implemented DoH on insider preview and there are tools like SimpleDnsCrypt for easily implementing DoH system wide so the method above would work in those scenarios.
Doh system wide can be enabled via registry editor in 2004 edition.
 

SeriousHoax

Level 32
Verified
Doh system wide can be enabled via registry editor in 2004 edition.
Is not it available only since the next version, build 196xx?
Right, build 19628 is required at least. Current build with Windows 10 2004 is, 19041.264.
If you use Adguard DNS you may test here Adguard DNS
I know about it too but this doesn't show the DoH/DoT status :confused:
My poor router don't have this feature.
 
Last edited:
Top