How to enable DNS-over-HTTPS (DoH) in Google Chrome

[correlate]

[correlate]

Level 18
Thread author
Top Poster
Well-known
May 4, 2019
801
You can now enable support for the privacy-focused DNS-over-HTTPS (DoH) protocol in Google Chrome using a command-line argument.

The procedure is complicated, but this step-by-step guide can help users set up DoH support in Chrome, and make sure it's up and running correctly.
WHAT IS DNS-OVER-HTTPS AND HOW DOES IT WORK?
DNS-over-HTTPS is a relatively new web protocol, being around for only two years.

It works just like the original DNS protocol, meaning its main purpose is to take a domain name (e.g. zdnet.com) that a user types in a browser and send a query to a DNS server to learn the numerical IP address of the web server that hosts that website.

But while the classic DNS protocol makes this request in plaintext, for everyone to see, DoH packages its DNS queries as encrypted HTTPS traffic.

The primary benefit of DoH is that the protocol hides DNS requests and responses in the giant stream of HTTPS traffic that moves across the internet each second. This means third-party observers can't look at DNS requests to guess what a user might be trying to access.
Click to expand...

www.zdnet.com

How to enable DNS-over-HTTPS (DoH) in Google Chrome

A step by step guide to enable DNS-over-HTTPS (DoH) support in the Chrome browser.
www.zdnet.com www.zdnet.com
 
  • Like
  • Thanks
  • Applause
Reactions: Venustus, oldschool, brambedkar59 and 7 others
DeepWeb

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
People say that the whole encrypted SNI thing is something only Cloudflare is pushing to get control over and that we should oppose. Too bad there is no way to add this on Chrome OS unless you go into full Developer Mode and compromise your security. :/ Waiting for the flag.
 
  • Like
Reactions: Handsome Recluse, cryogent, Venustus and 4 others
SeriousHoax

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,633
Stas said:
It works but Firefox can encrypt SNI
Click to expand...
Do you often get this error with ESNI enabled on some sites? For me this happens on MalwareTips and some other websites. I can visit the sites after clicking Try Again.
Fire.PNG
 
  • Like
Reactions: Venustus, oldschool, Burrito and 3 others
Nightwalker

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
SeriousHoax said:
Do you often get this error with ESNI enabled on some sites? For me this happens on MalwareTips and some other websites. I can visit the sites after clicking Try Again.
View attachment 224181
Click to expand...

Are you using a third party antivirus solution that scans SSL connections? I had this kind of error with Kaspersky when SNI encryption was enabled.
 
  • Like
Reactions: Venustus, oldschool, Burrito and 4 others
SeriousHoax

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,633
DeepWeb said:
Never seen this error before. I would say something is messing with the handshake. Or did you remove/disable any certificates? What DNS are you using?
Click to expand...
No, did nothing with certificates. Seems to happen on most sites that are depended on Cloudflare but then again not for every sites only a few. I'm using Next DNS on my router which is also set on Firefox as DoH. Changing DoH of Firefox to something else doesn't fix it either. Once I click Try again I can freely visit the site without any problem.
 
  • Like
Reactions: Venustus, [correlate], oldschool and 3 others
blackice

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,763
SeriousHoax said:
No this is not SSL scan related but not sure why this happens with ESNI enabled. I'm using Windows Defender at the moment so that's not the case.
Click to expand...
What DNS service are you using? When I was using DNS over TLS on an ASUS router a lot of the services would have timeouts that were too low and it would cause the resolution to error out.
 
  • Like
Reactions: Venustus, [correlate], oldschool and 1 other person
blackice

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,763
SeriousHoax said:
I'm using NextDNS
Click to expand...
Yeah, the only service I got to work properly with DoT without having timeouts causing failures was Cloudflare. I don't think that Merlin had put NextDNS in his firmware at that point, but I tested all the ones he did. I don't know if DoH has the same issues or not, but it seems like the trouble I was running into.
 
  • Like
Reactions: Venustus, [correlate], Handsome Recluse and 2 others
SeriousHoax

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,633
blackice said:
Yeah, the only service I got to work properly with DoT without having timeouts causing failures was Cloudflare. I don't think that Merlin had put NextDNS in his firmware at that point, but I tested all the ones he did. I don't know if DoH has the same issues or not, but it seems like the trouble I was running into.
Click to expand...
This happens only on Firefox with ESNI enabled. So my particular problem is maybe Firefox related. But not everyone is having this issue so it's confusing.
 
  • Like
Reactions: Venustus, [correlate], oldschool and 3 others
DeepWeb

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
SeriousHoax said:
No, did nothing with certificates. Seems to happen on most sites that are depended on Cloudflare but then again not for every sites only a few. I'm using Next DNS on my router which is also set on Firefox as DoH. Changing DoH of Firefox to something else doesn't fix it either. Once I click Try again I can freely visit the site without any problem.
Click to expand...
Maaaaan. nextDNS has been buggy as heck for me lol. But good luck with everything.
 
  • Like
Reactions: Venustus, [correlate] and oldschool
Burrito

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
Interesting topic @Correlate.

The primary benefit of DoH is that the protocol hides DNS requests and responses in the giant stream of HTTPS traffic that moves across the internet each second. This means third-party observers can't look at DNS requests to guess what a user might be trying to access.
Click to expand...

I like it. But I'm not willing to do too much to get it... it would just be a nice-to-have.

As @DeepWeb stated... I'll wait for the flag... or other easy-peasy way to implement it.
 
  • Like
  • Thanks
Reactions: Handsome Recluse, cryogent, Venustus and 4 others

Similar threads

silversurfer
    • Like
ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC
Replies
0
Views
1,047
News Archive
silversurfer
silversurfer
silversurfer
    • Like
    • +Reputation
    • Thanks
Malware News Proxy Trojan Targets macOS Users for Traffic Redirection
Replies
1
Views
1,038
Security News
simmerskool
simmerskool
Gandalf_The_Grey
    • Wow
    • Like
    • +Reputation
Security News ExpressVPN bug has been leaking some DNS requests for years
Replies
0
Views
863
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top