Chrome How to enable DNS-over-HTTPS (DoH) in Google Chrome

Correlate

Level 16
Verified
May 4, 2019
721
You can now enable support for the privacy-focused DNS-over-HTTPS (DoH) protocol in Google Chrome using a command-line argument.

The procedure is complicated, but this step-by-step guide can help users set up DoH support in Chrome, and make sure it's up and running correctly.
WHAT IS DNS-OVER-HTTPS AND HOW DOES IT WORK?
DNS-over-HTTPS is a relatively new web protocol, being around for only two years.

It works just like the original DNS protocol, meaning its main purpose is to take a domain name (e.g. zdnet.com) that a user types in a browser and send a query to a DNS server to learn the numerical IP address of the web server that hosts that website.

But while the classic DNS protocol makes this request in plaintext, for everyone to see, DoH packages its DNS queries as encrypted HTTPS traffic.

The primary benefit of DoH is that the protocol hides DNS requests and responses in the giant stream of HTTPS traffic that moves across the internet each second. This means third-party observers can't look at DNS requests to guess what a user might be trying to access.
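To make "packages its DNS queries as encrypted HTTPS traffic" concrete, here is an added example, written for this thread and not code from the ZDNet article or from anyone posting here: a minimal RFC 8484 DNS-over-HTTPS client in pure Python. The DNS message keeps exactly the classic wire format; only the transport changes, to an HTTPS POST body or to a base64url `?dns=` query parameter. The resolver URL is an assumed example endpoint, and the sample reply bytes are constructed, not captured from a real resolver.

```python
import base64
import struct
import urllib.request

DOH_RESOLVER = "https://dns.google/dns-query"  # assumed example resolver URL, not from the thread
DNS_MESSAGE = "application/dns-message"        # media type RFC 8484 requires


def encode_name(name):
    """'zdnet.com' -> b'\\x05zdnet\\x03com\\x00' (DNS label format)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("idna")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=1, txid=0):
    """Classic wire-format query: header (RD=1, QDCOUNT=1) + one question.
    RFC 8484 recommends ID 0 so identical queries make identical, cacheable HTTP requests."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)


def doh_get_url(resolver_url, query):
    """GET form (RFC 8484 section 4.1): base64url of the message with '=' padding stripped."""
    return f"{resolver_url}?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")


def doh_post_request(resolver_url, query):
    """POST form: the raw DNS message is the HTTPS body; nothing is re-encoded."""
    return urllib.request.Request(resolver_url, data=query, method="POST",
                                  headers={"Content-Type": DNS_MESSAGE, "Accept": DNS_MESSAGE})


def decode_name(data, offset):
    """Read a name at offset, following compression pointers (0xC0xx).
    Returns (name, offset just past the name as it appeared in the record)."""
    labels, end, jumped = [], offset, False
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:          # pointer to an earlier copy of the name
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_response(data):
    """Return (txid, rcode, [(name, type, ttl, rdata), ...]) from a wire-format reply."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    rcode, offset, answers = flags & 0x000F, 12, []
    for _ in range(qdcount):               # skip the echoed question section
        _, offset = decode_name(data, offset)
        offset += 4
    for _ in range(ancount):
        name, offset = decode_name(data, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:      # A record -> dotted quad
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return txid, rcode, answers


def resolve(name, resolver_url=DOH_RESOLVER):
    """Live lookup (does the HTTPS round trip; not exercised by the offline checks)."""
    query = build_query(name)
    with urllib.request.urlopen(doh_post_request(resolver_url, query), timeout=5) as r:
        if r.headers.get("Content-Type", "").split(";")[0].strip() != DNS_MESSAGE:
            raise RuntimeError("resolver did not return a DNS message")
        body = r.read()
    txid, rcode, answers = parse_response(body)
    if txid != 0:                          # the reply must echo our transaction ID
        raise RuntimeError("transaction ID mismatch")
    return rcode, answers


# Constructed sample reply (not captured from any real resolver): ID 0, flags QR|RD|RA,
# the echoed question (zdnet.com A) and one A record 203.0.113.10 (documentation range),
# TTL 300, with the answer's owner name compressed to a pointer at the question (0xC00C).
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + encode_name("zdnet.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([203, 0, 113, 10])
)
```

`doh_get_url(DOH_RESOLVER, build_query("zdnet.com"))` yields `.../dns-query?dns=AAABAAABAAAAAAAABXpkbmV0A2NvbQAAAQAB`, the same shape as the GET example in RFC 8484, and `parse_response(SAMPLE_RESPONSE)` decodes the constructed reply to one A record. Two caveats worth keeping in mind when reading the rest of the thread: the query is hidden from on-path observers, but the DoH resolver operator still sees every name you look up, so DoH moves trust rather than removing it; and the destination hostname is still sent in clear in the TLS ClientHello (SNI) unless encrypted SNI is also in use, which is exactly the Firefox ESNI setting the replies below go on to discuss.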

 

DeepWeb

Level 25
Verified
Jul 1, 2017
1,421
People say that the whole encrypted SNI thing is something only Cloudflare is pushing to get control over and that we should oppose. Too bad there is no way to add this on Chrome OS unless you go into full Developer Mode and compromise your security. :/ Waiting for the flag.
 

SeriousHoax

Level 34
Verified
Mar 16, 2019
2,331
It works but Firefox can encrypt SNI
Do you often get this error with ESNI enabled on some sites? For me this happens on MalwareTips and some other websites. I can visit the sites after clicking Try Again.
 

Nightwalker

Level 21
Verified
Trusted
Content Creator
May 26, 2014
1,035
Do you often get this error with ESNI enabled on some sites? For me this happens on MalwareTips and some other websites. I can visit the sites after clicking Try Again.

Are you using a third-party antivirus solution that scans SSL connections? I had this kind of error with Kaspersky when SNI encryption was enabled.
 

SeriousHoax

Level 34
Verified
Mar 16, 2019
2,331
Never seen this error before. I would say something is messing with the handshake. Or did you remove/disable any certificates? What DNS are you using?
No, did nothing with certificates. Seems to happen on most sites that depend on Cloudflare, but then again not on every site, only a few. I'm using NextDNS on my router, which is also set in Firefox as DoH. Changing Firefox's DoH to something else doesn't fix it either. Once I click Try Again, I can freely visit the site without any problem.
 

blackice

Level 28
Verified
Apr 1, 2019
1,732
No, this is not SSL-scan related, but not sure why this happens with ESNI enabled. I'm using Windows Defender at the moment, so that's not the case.
What DNS service are you using? When I was using DNS over TLS on an ASUS router, a lot of the services had timeouts that were too low, and it would cause the resolution to error out.
 

blackice

Level 28
Verified
Apr 1, 2019
1,732
Yeah, the only service I got to work properly with DoT without having timeouts causing failures was Cloudflare. I don't think that Merlin had put NextDNS in his firmware at that point, but I tested all the ones he did. I don't know if DoH has the same issues or not, but it seems like the trouble I was running into.
 

SeriousHoax

Level 34
Verified
Mar 16, 2019
2,331
Yeah, the only service I got to work properly with DoT without having timeouts causing failures was Cloudflare. I don't think that Merlin had put NextDNS in his firmware at that point, but I tested all the ones he did. I don't know if DoH has the same issues or not, but it seems like the trouble I was running into.
This happens only on Firefox with ESNI enabled. So my particular problem is maybe Firefox related. But not everyone is having this issue so it's confusing.
 

DeepWeb

Level 25
Verified
Jul 1, 2017
1,421
No, did nothing with certificates. Seems to happen on most sites that depend on Cloudflare, but then again not on every site, only a few. I'm using NextDNS on my router, which is also set in Firefox as DoH. Changing Firefox's DoH to something else doesn't fix it either. Once I click Try Again, I can freely visit the site without any problem.
Maaaaan. nextDNS has been buggy as heck for me lol. But good luck with everything.
 

Burrito

Level 24
May 16, 2018
1,366
Interesting topic @Correlate.

The primary benefit of DoH is that the protocol hides DNS requests and responses in the giant stream of HTTPS traffic that moves across the internet each second. This means third-party observers can't look at DNS requests to guess what a user might be trying to access.

I like it. But I'm not willing to do too much to get it... it would just be a nice-to-have.

As @DeepWeb stated... I'll wait for the flag... or other easy-peasy way to implement it.
 