How to enable DNS-over-HTTPS (DoH) in Google Chrome

Do you often get this error with ESNI enabled on some sites? For me this happens on MalwareTips and some other websites. I can visit the sites after clicking Try Again.

Do you have the desktop version of AdGuard on your PC? If you have it, then look no further, that's the culprit. You will have to go into settings and change the EV certificate settings. If you don't have it, then that is where my help ends, because you said you are running Windows Defender and that does not do that. It's a certificate clash error.
 
Thanks but no, I don't use AdGuard desktop. Anyway that issue was fixed a long time ago. No problem now.
 
try this?
It didn't work, even when I changed the DNS in Windows and flushed DNS, etc. Chromium still managed to completely bypass the network adapter setting and continued using my un-secure and un-private ISP's DNS. This is a deal-breaker, unfortunately.
 
I tried it again with Nirsoft's DNS switcher, and discovered that Edge legacy also completely ignores the Windows 10 DNS setting and uses the ISP's DNS. Apparently the flag to set a custom DNS was removed from Chromium 81, so it will probably disappear from Slimjet too. This, and the ability to use ESNI (which Chromium still doesn't support), leaves Firefox as the best option for DNS privacy at the present time.
 
I've done some more research on this. The command-line switches seem to have been removed from Chromium 81, but the devs say they plan to add a DoH setting in the Privacy and Security section of the UI at some point. (I did not see any such setting in a build of Chromium 84 that I tested today.)

I believe my DNS situation is somewhat unique because my only Internet access is currently through hotel WiFi which uses a captive portal to log in. I believe this is why my custom Windows 10 DNS settings are bypassed, but not the browser-level settings. (The captive portal works fine in Firefox, even with custom DoH and no fallback allowed.)
 
Should we all enable this?
I'd say yes, especially if you don't trust your ISP or its privacy policies. If DoH is properly implemented (like it is on the Firefox browser), you can choose a no-logging DNS provider like Quad9 or AdGuard DNS. (I use Quad9 on FF.)

I should note that some people feel that DoH isn't secure enough or that a lack of DNS providers could centralize the Internet, but I don't share their concerns.
 
Your ISP still sees every IP you connect through their firewall to without a VPN.
 
I know it's not a perfect solution, but it makes it a little bit more difficult for the ISP to block websites or do bulk collection. With ESNI (enabled on Cloudflare-hosted sites), I think the ISP can only see the IP address connected to, rather than the actual domain name.
 
I was using 3rd party DNS for years. But with a recent issue with my router it’s not working right. It got me wondering if I wanted to add yet another company to the pot of people who have access to my browsing. Like you said, the ISP is always going to know the first IP you’re connecting to. Just another company to be lying or get breached. Just thinking out loud.
 
Nice, I use Quad9 too, on my router.