Advice Request Are you using DNS over HTTPS? - Test using Cloudflare Browsing Security Check


Are you using DNS over HTTPS?

  • Yes: 15 votes (50.0%)
  • No: 5 votes (16.7%)
  • Yes with Encrypted SNI: 10 votes (33.3%)
  • Total voters: 30
  • Poll closed.

Brahman

Level 16
Thread author
Verified
Top Poster
Well-known
Aug 22, 2013
799
Now that Windows and most browsers support DNS over HTTPS, how many of you are using DNS over HTTPS? If you are using Firefox you can enable Encrypted SNI by using this guide:
  1. In your browser, navigate to about:config
  2. Type network.security.esni.enabled
  3. Select the toggle button to the right of false to change it to true
If you want to check whether you are using secure DNS, DNSSEC, TLS 1.3 and Encrypted SNI you can visit Cloudflare ESNI Checker | Cloudflare and test your browser accordingly.

My test on firefox....
Untitled-1.jpg
 

cliffspab

Level 4
Verified
Well-known
Oct 4, 2019
175
It works for all DoH supported DNS but that website only shows secure DNS status for Cloudflare DNS because it's owned by Cloudflare 😒

Ah sorry, I didn't see the bit about Firefox at the top

I was just referring to the website, which is only useful if you choose Cloudflare.

NextDNS, which I use, also confirms via their dashboard whether you're set up right.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
> Encrypted SNI feature only works with Firefox and with Cloudflare DNS as this is a standard pioneered by Cloudflare.

Hmm, I know about that as I use Firefox myself. But the first one on that list, Secure DNS, is not related to ESNI and only shows secured if you use Cloudflare.

> Ah sorry, I didn't see the bit about Firefox at the top
>
> I was just referring to the website, which is only useful if you choose Cloudflare.
>
> NextDNS, which I use, also confirms via their dashboard whether you're set up right.

Right. But there needs to be another website where everyone can check their DoH/DoT status regardless of the provider.
 

Brahman

Level 16
Thread author
Verified
Top Poster
Well-known
Aug 22, 2013
799
> But there needs to be another website where everyone can check their DoH/DoT status regardless of the provider.

Ya, I feel so too. Is there nothing? Strange!
A self check can be done if you are using Windows 10 by observing traffic at port 53.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
> Ya, I feel so too. Is there nothing? Strange!
> A self check can be done if you are using Windows 10 by observing traffic at port 53.

I saw this article a few days ago when searching for an alternative to the Cloudflare testing website. But this method works for system-wide DoH only. It's not possible to check it at the browser level. MS has implemented DoH in the Insider Preview, and there are tools like SimpleDnsCrypt for easily implementing DoH system-wide, so the method above would work in those scenarios.
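
Added example, not part of the thread: the port 53 self-check discussed in the posts above, run over a constructed packet list instead of a live capture. The resolver IPs, the tuple layout and all function names are assumptions; a port and IP match shows where DNS traffic is going, not that its contents are encrypted.

```python
import struct
from collections import Counter

# Assumption: the encrypted resolvers you configured (Cloudflare's public IPs here).
RESOLVERS = {"1.1.1.1", "1.0.0.1"}

def build_query(name, txid=0x1234):
    """Encode a plain DNS A query; used only to construct the sample capture."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def parse_qname(payload):
    """Return the queried name if payload is a readable DNS query, else None."""
    if len(payload) < 12 or payload[2] & 0x80:   # too short, or QR bit set (a response)
        return None
    labels, pos = [], 12                          # question section follows the 12-byte header
    while pos < len(payload) and payload[pos] != 0:
        n = payload[pos]
        if n > 63 or pos + 1 + n > len(payload):  # compression pointer or truncated label
            return None
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return ".".join(labels) or None

def classify(proto, dst, port, payload):
    """Label one outbound packet by destination; return (label, leaked_name)."""
    if port == 53:
        body = payload[2:] if proto == "tcp" else payload  # TCP DNS has a 2-byte length prefix
        return "plaintext-dns", parse_qname(body)
    if proto == "tcp" and port == 853:
        return "dot", None
    if proto == "tcp" and port == 443 and dst in RESOLVERS:
        return "probable-doh", None               # port and IP only; the TLS payload is opaque
    return "other", None

def audit(packets):
    """Count packet labels and collect the hostnames readable on port 53."""
    results = [classify(*p) for p in packets]
    return dict(Counter(label for label, _ in results)), [n for _, n in results if n]

# Constructed sample capture: (protocol, destination IP, destination port, payload bytes).
SAMPLE = [
    ("udp", "192.168.1.1", 53, build_query("example.com")),   # OS resolver still on port 53
    ("tcp", "1.1.1.1", 443, b"\x16\x03\x01\x02\x00"),         # browser DoH, TLS record bytes
    ("tcp", "1.1.1.1", 853, b"\x16\x03\x01\x02\x00"),         # DoT
    ("tcp", "203.0.113.10", 443, b"\x16\x03\x01\x02\x00"),    # ordinary HTTPS
]
```

On this sample `audit(SAMPLE)` reports one plaintext query that exposes `example.com` alongside the DoH and DoT flows, which is the browser-level versus system-wide gap the post above describes.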
 

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,452
> Ya, I feel so too. Is there nothing? Strange!

I guess that is the general idea: if it is secured, it cannot be checked; that would be like MITM. Tenta test can show if DoT is enabled, and that is about it.
I can check if DNS requests are being sent via the expected port and hope that it is encrypted. :)
 


Brahman

Level 16
Thread author
Verified
Top Poster
Well-known
Aug 22, 2013
799
> I saw this article a few days ago when searching for an alternative to the Cloudflare testing website. But this method works for system-wide DoH only. It's not possible to check it at the browser level. MS has implemented DoH in the Insider Preview, and there are tools like SimpleDnsCrypt for easily implementing DoH system-wide, so the method above would work in those scenarios.

DoH system-wide can be enabled via Registry Editor in the 2004 edition.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
> DoH system-wide can be enabled via Registry Editor in the 2004 edition.

Isn't it available only since the next version, build 196xx?
Right, build 19628 is required at least. Current build with Windows 10 2004 is 19041.264.

> If you use AdGuard DNS you may test here AdGuard DNS

I know about it too but this doesn't show the DoH/DoT status :confused:
My poor router doesn't have this feature.
 