by Martin Brinkmann on September 11, 2019 in Google Chrome – Last Update: September 11, 2019
Google revealed plans to test the company’s implementation of DNS over HTTPS (DoH) in Chrome 78. DNS over HTTPS aims to improve the security and privacy of DNS requests by sending them over HTTPS. The current stable version of Chrome is 77, released on September 10, 2019.
Google notes that DoH prevents other WiFi users from seeing visited websites; common attacks such as spoofing or pharming could potentially be prevented by using DoH.
Google decided to test the DoH implementation in a different way than Mozilla. Mozilla selected Cloudflare as its partner in the testing phase and will use Cloudflare as the default provider when it rolls out the feature to US users in late September 2019.
Firefox users have options to change the DNS over HTTPS provider or turn off the feature entirely in the browser.
Google’s DNS over HTTPS plan
Google picked a different route for the test: it will test the implementation using multiple DoH providers. The company could have used its own DoH service for the tests but decided to select multiple providers instead.
Tests will upgrade Chrome installations to use DoH if the DNS service that is used on the system supports DoH. Because the DNS provider stays the same, Google sidesteps the privacy criticism that Mozilla faced when it announced the partnership with Cloudflare.
Google selected the cooperating providers for “their strong stance on security and privacy”, the “readiness of their DoH services”, and their agreement to participate in the test.
The following providers were picked by the company:
- Cleanbrowsing
- Cloudflare
- DNS.SB
- OpenDNS
- Quad9
If Chrome runs on a system that uses one of these services for DNS, it will start using DoH instead when Chrome 78 launches.
The experiment will run on all platforms for a fraction of Chrome users with the exception of Chrome on Linux and iOS. Chrome will revert to the regular DNS service in the case of errors.
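The upgrade rule and error fallback described above, as an added Python example that is not Chrome's code and not part of the original article. The resolver-to-endpoint table covers only two of the listed providers and uses their public DoH endpoints as an assumption; the function names and the "doh"/"classic" labels are hypothetical, and the query encoding follows the RFC 8484 GET form.

```python
import base64
import struct

# Assumed resolver-IP -> DoH-endpoint pairs for two of the listed providers
# (their public endpoints; not Chrome's internal table).
SAME_PROVIDER_DOH = {
    "1.1.1.1": "https://cloudflare-dns.com/dns-query",
    "1.0.0.1": "https://cloudflare-dns.com/dns-query",
    "9.9.9.9": "https://dns.quad9.net/dns-query",
}
EXCLUDED_PLATFORMS = {"linux", "ios"}  # excluded from the experiment per the article


def build_query(name, qtype=1):
    """DNS wire-format query (RFC 1035) with ID 0, as RFC 8484 recommends."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # qtype, class IN


def doh_get_url(endpoint, name):
    """RFC 8484 GET form: base64url of the query with padding stripped."""
    encoded = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=")
    return f"{endpoint}?dns={encoded.decode('ascii')}"


def plan_lookup(system_resolver, platform, name):
    """Return the transports to try, in order, for one lookup."""
    classic = ("classic", system_resolver)
    endpoint = SAME_PROVIDER_DOH.get(system_resolver)
    if platform.lower() in EXCLUDED_PLATFORMS or endpoint is None:
        return [classic]  # no upgrade: the system resolver is used as before
    # Same provider over DoH first; regular DNS stays as the fallback on errors.
    return [("doh", doh_get_url(endpoint, name)), classic]


if __name__ == "__main__":
    # Constructed inputs: one listed provider, one unknown resolver (TEST-NET-1).
    for resolver, platform in [("9.9.9.9", "Windows"), ("9.9.9.9", "Linux"),
                               ("192.0.2.53", "Windows")]:
        print(resolver, platform, plan_lookup(resolver, platform, "example.com"))
```

For network monitoring, the point is that an upgraded client's lookups move from port 53 to HTTPS requests against the provider's endpoint, while the provider itself does not change.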
Most managed Chrome deployments will be excluded from the experiment. Google plans to publish details on DoH policies on the company’s Chrome Enterprise blog before release so that administrators have information on configuring them.
Chrome users may use the flag chrome://flags/#dns-over-https to opt in or out of the experiment. The flag is not integrated in any version of the Chrome browser yet.
Secure DNS lookups
Enables DNS over HTTPS. When this feature is enabled, your browser may try to use a secure HTTPS connection to look up the addresses of websites and other web resources. – Mac, Windows, Chrome OS, Android
Closing Words
Most Chromium-based browsers and Firefox will start to use DNS over HTTPS in the near future. Firefox provides options to disable the feature and Chrome comes with an experimental flag that offers the same. Experimental flags may be removed at some point in the future, however, and it is unclear at this point whether Google plans to add a switch to Chrome’s preferences to enable or disable the feature.
Now You: What is your take on DoH?