Firefox Starts Rolling Out Encrypted DNS

Forum Moderators: open

Message Too Old, No Replies

Firefox Starts Rolling Out Encrypted DNS

engine

4:51 pm on Feb 25, 2020 (gmt 0)

Firefox is rolling out encrypted DNS over HTTPS (DoH) by default for U.S. users, and it plans to continue this roll-out over the coming weeks, assuming no problems.

We’re enabling DoH by default only in the US. If you’re outside of the US and would like to enable DoH, you’re welcome to do so by going to Settings, then General, then scroll down to Networking Settings and click the Settings button on the right. Here you can enable DNS over HTTPS by clicking, and a checkbox will appear. By default, this change will send your encrypted DNS requests to Cloudflare.

Users can choose between Cloudflare and NextDNS.

[blog.mozilla.org...]

JS_Harris

6:12 pm on Feb 25, 2020 (gmt 0)

Cloudflare or nextdns, so if both of those have issues will the entire net crash for firefox users?

Is there no way to do this without needing yet another 3rd party involved?

lammert

6:25 pm on Feb 25, 2020 (gmt 0)

Cloudflare offers one of the largest public DNS Resolvers through its 1.1.1.1 IP address. Firefox has chosen them and NextDNS because they have a strict privacy policy. But having said that, DNS over HTTPS is slower and more resource-intensive than regular UDP DNS. And Cloudflare and NextDNS are both based in the US and therefore subject to FISA court orders.

So while this DNS over HTTPS tunneling may prevent third parties from looking at your DNS queries, the central tunneling of all Firefox DNS requests through two US-based nodes creates an interesting opportunity for governmental intelligence gathering.

foxmailhe

4:52 am on Feb 26, 2020 (gmt 0)

Encrypted DNS will not be turned on by default in certain cases, such as when Firefox detects that enterprise policies have been set on the device

RedBar

11:10 am on Feb 26, 2020 (gmt 0)

Are they seriously calling it DoH ? :-)