Menu
What's new
By:
Filters Better Search

Windows 10 will implement DNS DoH in version 21H1

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

KevTech said:
I turn this off in Firefox as it tends to cause issues for me.

DoH did not really come out like they thought it would.

www.zdnet.com

DNS-over-HTTPS causes more problems than it solves, experts say

Several experts, companies, and national entities have voiced very convincing concerns about DoH and its features.
www.zdnet.com www.zdnet.com
Click to expand...


I shut it down in Opera and Chrome for the same reasons, total disaster and I will decide what DNS I use, not some developer who thinks he/she has a bright idea.
 
As DoH becomes more prevalent I guess there needs to be a list created of all the possible DoH server addresses so that they can be blocked by the router. Similar to the ad-block lists we use today.

I think there's only a few DoH providers at the moment (Cloudflare, Google, Quad9 and NextDNS are the ones that come to mind), but no doubt the number will grow. Does anyone know whether such a list is being compiled?
 
ColinTaylor said:
As DoH becomes more prevalent I guess there needs to be a list created of all the possible DoH server addresses so that they can be blocked by the router. Similar to the ad-block lists we use today.

I think there's only a few DoH providers at the moment (Cloudflare, Google, Quad9 and NextDNS are the ones that come to mind), but no doubt the number will grow. Does anyone know whether such a list is being compiled?
Click to expand...
There's a reasonably comprehensive list here:
github.com

GitHub - oneoffdallas/dohservers: A list of publicly available DNS over HTTPS (DoH) servers

A list of publicly available DNS over HTTPS (DoH) servers - oneoffdallas/dohservers
github.com github.com
 
I guess, the reason why Google wants this is so that they can hardcode their own servers (and bypass any system DNS settings), hereby know EVERYTHING you're doing.
 
Poul Bak said:
I guess, the reason why Google wants this is so that they can hardcode their own servers (and bypass any system DNS settings), hereby know EVERYTHING you're doing.
Click to expand...
Well they already hard code their own DNS servers into Android OS so they don't want anybody else taking that information away from them.
 
I use DNS over TLS instead on my pFsense box along with a rule on it that redirects all DNS queries from client devices through CloudFlare’s IPv4/6 DNS primary/secondary servers. This way I also don’t need to worry about manually changing browser DoH settings. Firefox uses CloudFlare I believe. As for Chrome makes sense for Google to use their own service.
 
avtella said:
As for Chrome makes sense for Google to use their own service.
Click to expand...

Chrome do give a choice of settings/providers.

Chrome-secure-DNS-settings.png
 
Yes I am aware, but I don’t need to do any of that, the redirect rule on my firewall applies to all my clients. I meant it makes sense for Google to default to their own DNS servers on Chrome from a business perspective.
 
avtella said:
a rule on it that redirects all DNS queries from client devices through CloudFlare’s IPv4/6 DNS primary/secondary servers.
Click to expand...
I do this as well with a Pfsense rule that works for client DNS inquiries sent on the standard port 53. If the client is using DOH, that is encrypted at the client and goes out on port 443 along with all other encrypted web traffic so the router cannot redirect the DNS request. I really don't mind as the DNS inquiry is still encrypted and that is the whole point anyway
 
Google uses port 853 for DNS over TLS and falls back to 53 without security if that fails, if I recall. Their DoH is 443.
 
weird. wasn't enabled on my browsers. seems they default to system proxy? I use a vpn on most of my machines otherwise cloudflare with dnsec. but I plan on trying out pi-hole with dnscrypt. The windows feature definitely sounds like limiting choices and purposely leaking data imo, especially if it defaults on.
 
You must log in or register to reply here.

Similar threads

D
News Windows Wi-Fi Driver Remote Code Execution Vulnerability CVE-2024-30078
Replies
2
Views
2K
Wallace_n_Gromit
Wallace_n_Gromit
D
News Windows build 2024 and Ai Recall - Security Risk
Replies
2
Views
732
Deleted member 77025
D
D
Solved Windows 11 updates won't download attempted disabling router settings.
Replies
18
Views
2K
DJones
D
C
After 10 years DSL suddenly stopped working, Verizon tech support worthless?
2
Replies
23
Views
1K
jzchen
J
Preskitt.man
DNS Issue?? AX5800 Pro Issue??
Replies
2
Views
317
bbunge
bbunge
Similar threads
Thread starter Title Forum Replies Date
S Is there good VPN tunnel plain DNS filtering software for Windows? General Network Security 2
D News Windows Wi-Fi Driver Remote Code Execution Vulnerability CVE-2024-30078 General Network Security 2
D News Windows build 2024 and Ai Recall - Security Risk General Network Security 2
bbunge Microsoft plans to lock down Windows DNS - ZTDNS General Network Security 5

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 700 (members: 16, guests: 684)
Top