Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Chrome 83: rollout of DNS over HTTPS (Secure DNS) begins
#1
Information 
Quote:
[Image: secure-dns-test.png]

Google started the rollout of DNS over HTTPS yesterday in Chrome Stable with the release of Chrome 83 Stable to the public.

The company calls it Secure DNS. DNS lookups are unencrypted by default; this means that DNS may be used to track the sites that an Internet user opens.

Additionally, since it is unencrypted, bad actors may exploit it to manipulate or tamper with the connection, e.g. for phishing purposes.

DNS over HTTPS attempts to address this by encrypting DNS lookups. It uses HTTPS for that and that means that these lookups are more secure and private.

DNS lookups cannot be used for monitoring a user's activity on the Internet anymore and bad actors cannot manipulate DNS responses for attacks.

Tip: Recent Windows 10 Insider Builds support DNS over HTTPs on the operating system level. All applications with Internet connectivity benefit from this if it is enabled.

Google made the decision to implement DNS over HTTPS in Chrome. The company decided that it would not interfere with the existing DNS setup of a system.

Instead, it decided that it would use DNS over HTTPS in Chrome if the DNS servers that are set on the system support it.

In other words: the DNS settings are not changed. Another benefit of the approach is that certain add-ons, e.g. family safety protections or malware filtering, remain active.

Chrome will fall back to regular (unencrypted) DNS if issues are noticed during lookups. The browser won't use Secure DNS at all if parental controls are active on Windows systems or if certain Enterprise policies are set. New policies are available to enable DNS over HTTPS in managed environments.

Two of the main policies are:

Dns​Over​Https​Mode
-- Controls the mode of DNS-over-HTTPS (Chrome 78 and newer)
 
Quote:off = Disable DNS-over-HTTPS
automatic = Enable DNS-over-HTTPS with insecure fallback
secure = Enable DNS-over-HTTPS without insecure fallback

Dns​Over​Https​Templates -- Specify URI template of desired DNS-over-HTTPS resolver (Chrome 80 and newer)
 
Quote:The URI template of the desired DNS-over-HTTPS resolver. To specify multiple DNS-over-HTTPS resolvers, separate the corresponding URI templates with spaces.

If the DnsOverHttpsMode is set to "secure" then this policy must be set and not empty.

If the DnsOverHttpsMode is set to "automatic" and this policy is set then the URI templates specified will be used; if this policy is unset then hardcoded mappings will be used to attempt to upgrade the user's current DNS resolver to a DoH resolver operated by the same provider.

If the URI template contains a dns variable, requests to the resolver will use GET; otherwise requests will use POST.

Chrome users may enable DNS over HTTPS in Chrome right away. The rollout may take weeks or even months to reach certain devices. If you don't want to wait that long, do the following to enable the feature in Chrome right away (restrictions still apply):
  1. Load chrome://flags/#dns-over-https in the browser's address bar.
  2. Set the experimental flag to Enabled.
  3. Restart Chrome
Note that you may need to change the DNS servers on the device as they need to support Secure DNS. Google DNS, Cloudflare, Quad9, and Cleanbrowsing all support Secure DNS.

Tip: you can use Cloudflare's Browser Experience Security Check to test if Secure DNS is enabled in the browser.
...
Continue Reading
[-] The following 1 user says Thank You to harlan4096 for this post:
  • silversurfer
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>