Google plans to test DNS over HTTPS in Chrome 78

Martin Brinkmann
Sep 11, 2019
Updated • Sep 11, 2019

Google revealed plans to test the company's implementation of DNS over HTTPS (DoH) in Chrome 78. DNS over HTTPS aims to improve the security and privacy of DNS requests by sending them over HTTPS. The current stable version of Chrome is 77, released on September 10, 2019.

Google notes that DoH prevents other WiFi users from seeing visited websites; common attacks such as spoofing or pharming could potentially be prevented by using DoH.

Google decided to test the DoH implementation in a different way than Mozilla. Mozilla selected Cloudflare as its partner in the testing phase and will use Cloudflare as the default provider when it rolls out the feature to US users in late September 2019.

Firefox users have options to change the DNS over HTTPS provider or turn off the feature entirely in the browser.

Google's DNS over HTTPS plan

Google picked a different route for the test. The company decided to test the implementation using multiple DoH providers. The company could have used its own DoH service for the tests but decided to select multiple providers instead.

Tests will upgrade Chrome installations to use DoH if the DNS service that is used on the system supports DoH. By staying with the provider the system already uses, Google sidesteps the privacy criticism that Mozilla faced when it announced the partnership with Cloudflare.

Google selected the cooperating providers for "their strong stance on security and privacy", the "readiness of their DoH services", and their agreement to participate in the test.

The following providers were picked by the company:

If Chrome runs on a system that uses one of these services for DNS, it will start using DoH instead when Chrome 78 launches.

The experiment will run on all platforms for a fraction of Chrome users, with the exception of Chrome on Linux and iOS. Chrome will revert to the regular DNS service in the case of errors.
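The same-provider upgrade and error fallback described above, sketched as an added example (it is not Chrome's code and not part of the original article). The mapping table, the function names and the injected transport callables are assumptions; only Cloudflare's resolver addresses and DoH endpoint are filled in, and the query is encoded in the RFC 8484 GET form.

```python
import base64
import struct

# Constructed table for illustration: system resolver IP -> DoH endpoint of
# the SAME provider. Chrome's own table is not reproduced on this page.
SAME_PROVIDER_DOH = {
    "1.1.1.1": "https://cloudflare-dns.com/dns-query",
    "1.0.0.1": "https://cloudflare-dns.com/dns-query",
}


def build_query(hostname, qtype=1):
    """Build an RFC 1035 wire-format query: ID 0 (as RFC 8484 recommends
    for cache friendliness), RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = hostname.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def doh_get_url(endpoint, hostname):
    """RFC 8484 GET form: the query, base64url-encoded without padding,
    travels in the 'dns' parameter of an ordinary HTTPS request."""
    encoded = base64.urlsafe_b64encode(build_query(hostname)).rstrip(b"=")
    return f"{endpoint}?dns={encoded.decode('ascii')}"


def resolve(hostname, system_resolvers, doh_transport, classic_transport):
    """Return (path_used, answer).

    Upgrade only when a configured system resolver belongs to a provider in
    the table, so the DNS provider itself never changes. Any DoH error falls
    back to the regular DNS service, which means the lookup is then sent
    unencrypted; the returned path makes that visible to the caller.
    """
    endpoint = next(
        (SAME_PROVIDER_DOH[ip] for ip in system_resolvers if ip in SAME_PROVIDER_DOH),
        None,
    )
    if endpoint is not None:
        try:
            return "doh", doh_transport(doh_get_url(endpoint, hostname))
        except Exception:
            pass  # DoH failed: fall through to the regular DNS service
    return "classic", classic_transport(hostname, system_resolvers)
```

Because the first element of the result names the path taken, a caller can log every lookup that went out over regular DNS after a DoH failure.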

Most managed Chrome deployments will be excluded from the experiment, and Google plans to provide details on DoH policies on the company's Chrome Enterprise blog before release to provide administrators with information on configuring those.

Chrome users may use the flag chrome://flags/#dns-over-https to opt in or out of the experiment. The flag is not integrated in any version of the Chrome browser yet.


Secure DNS lookups

Enables DNS over HTTPS. When this feature is enabled, your browser may try to use a secure HTTPS connection to look up the addresses of websites and other web resources. – Mac, Windows, Chrome OS, Android

Closing Words

Most Chromium-based browsers and Firefox will start to use DNS over HTTPS in the near future. Firefox provides options to disable the feature and Chrome comes with an experimental flag that offers the same. Experimental flags may be removed at some point in the future, however, and it is unclear at this point whether Google plans to add a switch to Chrome's preferences to enable or disable the feature.

Now You: What is your take on DoH?

Publisher: Ghacks Technology News

Comments

  1. dw said on October 29, 2019 at 5:58 pm

    Why does my Chrome DoH keep failing, so that I need to restart Chrome every once in a while to make DoH work? Does anyone have the same issue? I enabled DNS over HTTPS at chrome://flags/#dns-over-https, and in my network configuration I put 1.1.1.1 and 1.0.0.1 in the DNS option. I check whether my DoH is working by going to this site: https://1.1.1.1/help. Everything is OK, but after 10 to 15 minutes of browsing the DNS fails and reverts back to my ISP DNS, and I need to restart Chrome to make DoH work again.

    1. Dilemma said on November 3, 2019 at 2:35 pm

      @dw I found something similar. https://1.1.1.1/help would report I wasn’t using DoH after some time and I would have to reload Chrome to fix it for a short period. I decided to switch to DNS over TLS (DoT) using a little program on the Windows Store called Littledot. Might be good if Martin could review this.

  2. Ping Pong Playa said on September 11, 2019 at 7:39 pm

    If you could trust these companies there might be some merit in DoH for an average user, but if you’ve been paying any attention lately you cannot trust them. Professionals are not interested in a browser taking over OS-level functions. This is a privacy and security nightmare. Hackers can now focus on browsers instead of the OS. Also, personally I’m not interested in beta testing software or participating in a “Testing Phase”; it’s too much of a risk. I have never used Chrome but I only install the enterprise version for hold outs. Another concerning issue is not having any choice in the matter. Browsers are becoming more complex each year and configuring privacy and security is a major hassle since changes are rolled out continuously; even worse is when Google or Mozilla removes the ability to make changes. Browsers are in a downward spiral as far as privacy and security are concerned. In a few years people will begin to understand what is happening and privacy-centric browsers will become more popular.

  3. John Doe said on September 11, 2019 at 6:18 pm

    Yandex Browser and Bromite (Android) have implemented this a long, long time ago.

  4. ULBoom said on September 11, 2019 at 3:13 pm

    Doesn’t that hideous bouncing Omnibar thing copy everything you enter ostensibly to give faster search results? FF’s can too.

    Trust a free decryptor? Sure. The providers chosen by Google all collect user data.

    With so many ways for browsers to intercept requests and sites to redirect requests, after data is encrypted and as long as it stays that way, it’s secure. Before and after, it’s not. Makes little sense for Google, who dominates online ad serving by far, to give up revenue.

    When will MS enter the BS race to confuse users with TL;DR esoterica?

  5. Ascrod said on September 11, 2019 at 2:08 pm

    How exactly does Chrome detect the system DNS provider?

    IMO browsers shouldn’t be doing anything with DNS, or VPN, or any other network gatekeeping. That should be an OS-level thing.

  6. mike said on September 11, 2019 at 1:37 pm

    This is how DoH in the browser should be done. Google respects the OS DNS settings, while Mozilla simply overwrites them and forces users to use Cloudflare.

    1. Tom said on September 11, 2019 at 3:36 pm

      That’s not true at all.

      1. Once Chrome enables DoH by default it will, of course, override the OS setting as well. Otherwise it wouldn’t make sense.
      2. Also Mozilla won’t enable DoH under all circumstances.
      3. You can change the DoH provider or disable DoH in the visible Firefox settings, no hidden interface (about:config / flags) is needed

      “mozilla simply forces users to use cloudflare” is a lie.

      1. mike said on September 11, 2019 at 6:26 pm

        Guys, read the article. Google detects the default DNS provider and tries to upgrade the connection within the same provider. It does not interfere with the DNS provider itself.

        Mozilla, on the other hand, chooses Cloudflare as the default provider.

    2. Tom Hawack said on September 11, 2019 at 2:32 pm

      @mike, not really. As recalled in the article, “Firefox users have options to change the DNS over HTTPS provider or turn off”, and Cloudflare is only the default provider. Of course, one can consider the amount of users who never change nor even consider changing default settings, but the choice is available and, after all, users are mature (at least should be proportionally to their age) or otherwise be considered not being taken by the hand for the best is relevant of dishonesty. As always liberty versus assistantship.

    3. iponymous said on September 11, 2019 at 2:20 pm

      In Mozilla Firefox one can change the DoH setting from “Cloudflare” to “Custom” and then use whatever DoH-capable DNS service one wishes.

  7. Yuliya said on September 11, 2019 at 11:10 am

    Bad. The OS alone should handle DNS, not your glorified text renderer.

    1. ULBoom said on September 11, 2019 at 3:16 pm

      Yup. OS, third party software, etc., not browser. Not the door into and out of the Internet.

    2. sam said on September 11, 2019 at 2:38 pm

      Yeah, OSs should have this capability out of the box. OSs, even open platforms like Linux, suck in this department.

      1. John Fenderson said on September 11, 2019 at 5:17 pm

        @sam:

        Linux isn’t configured to do this out of the box for technical reasons, but it’s not difficult to set it up to use any of the encrypted DNS lookup systems.

  8. Light_and_Flight said on September 11, 2019 at 10:03 am

    I am from Russia and there is terrible censorship and there is no freedom of speech.
    DoH will help me bypass censorship and maintain at least some privacy.

    Thanks to technology companies for helping to breathe in 404 countries.

  9. Tarmin said on September 11, 2019 at 9:56 am

    This is what it looks like:

    https://i.gyazo.com/c13f78aaa42abe91b3d14ffa3120385a.png

    Version 79.0.3908.2 (Official Build) (64-bit)

    1. Martin Brinkmann said on September 11, 2019 at 10:01 am

      Interesting. Do you think that flag is only enabled if one of the supported DNS providers is used?

      1. Tarmin said on September 11, 2019 at 10:34 am

        I manually enabled the flag. All new changes always get integrated in Chromium first, not Chrome. If you want to test it, get Chromium.
