DNS over HTTPS with Firefox


  1. Posts : 10,929
    Win10 x64
       #1



    If you are tired of your DNS requests being looked at, or if you just want to encrypt all your Firefox DNS traffic:

    This works in all up-to-date and beta/nightly versions as of 67.0.4.

    With Firefox open, click on the [image: DNS over HTTPS with Firefox-menu-thingy.png] and then click Options.

    Scroll all the way down to the bottom where it says Network Settings.
    [image: DNS over HTTPS with Firefox-options.png]


    Click on Settings and look at the bottom for these two:
    [image: DNS over HTTPS with Firefox-settings.png]


    Check the box to Enable DNS over HTTPS and then select Cloudflare as your Provider.

    Click OK and then close Firefox. Once you reopen it, your DNS will go over HTTPS unless Cloudflare is down, in which case it will default back to regular.
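As an added illustration, not part of the original post or of Firefox's own code: what a single lookup looks like once it is carried over HTTPS as described in RFC 8484. The resolver URL is an assumption (the post only says to select Cloudflare), and the function names are made up for this example.

```python
import base64
import struct

# Assumed endpoint for the Cloudflare provider option; not given in the post.
DOH_ENDPOINT = "https://mozilla.cloudflare-dns.com/dns-query"
QTYPES = {"A": 1, "AAAA": 28}


def build_query(name, qtype="A"):
    """Return a DNS query in wire format (RFC 1035) for use over DoH."""
    # RFC 8484 recommends ID 0 so identical queries stay HTTP-cache friendly.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("idna")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"  # root label terminates the name
    return header + qname + struct.pack("!HH", QTYPES[qtype], 1)  # class IN


def doh_requests(name, qtype="A"):
    """Show both RFC 8484 request forms for one lookup."""
    wire = build_query(name, qtype)
    # GET form: base64url without padding in the "dns" parameter.
    b64 = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return {
        "get_url": DOH_ENDPOINT + "?dns=" + b64,
        # POST form: the raw message is the HTTP body.
        "post_headers": {"Content-Type": "application/dns-message",
                         "Accept": "application/dns-message"},
        "post_body": wire,
    }


def parse_question(wire):
    """Decode the queried name and type back out of a wire-format query."""
    pos, labels = 12, []  # the question section starts after the 12-byte header
    while wire[pos]:
        length = wire[pos]
        labels.append(wire[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", wire[pos + 1:pos + 5])
    return ".".join(labels), qtype


if __name__ == "__main__":
    req = doh_requests("www.example.com")
    print(req["get_url"])
    print(parse_question(req["post_body"]))
```

The queried name travels inside the HTTPS request (URL parameter or body), so it is covered by TLS between the browser and the resolver.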


  2. Posts : 349
    Windows 10
       #2

    Unfortunately, the DNS over HTTPS protocol can also be used by malware to encrypt DNS requests.

    First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol | ZDNet


  3. Posts : 9,765
    Mac OS Catalina
       #3

    Your ISP will still see that traffic.


  4. Posts : 5,442
    Windows 11 Home
       #4

    bro67 said:
    Your ISP will still see that traffic.
    The ISP will see what domain/webpage the user is connecting to, but not the exact address or the search.

    1 Linux malware using an encrypted DNS and thousands of malware abusing a normal DNS.


  5. Posts : 349
    Windows 10
       #5

    TairikuOkami said:
    1 Linux malware using an encrypted DNS and thousands of malware abusing a normal DNS.

    True. But now malware can hide what it's doing, thus making it harder to detect.


  6. Posts : 5,442
    Windows 11 Home
       #6

    Ground Sloth said:
    True. But now malware can hide what it's doing, thus making it harder to detect.
    True, this is the reason I really do not like DoH, since it uses regular traffic via port 443, allowed by default. I am not very fond of DoT either; it also uses TCP, so they are both susceptible to MITM. UDP is just that, UDP, hardly exploitable. The problem is the implementation: people can use something like simplednscrypt, but in order to use it, they have to set 127.0.0.1 as DNS server and by that they allow DNS traffic for every software within Windows, potential malware included. My browser has dnscrypt integrated, so I use it just for it alone and I use normal unencrypted DNS for the rest. I am not looking forward to the new protocol QUIC replacing UDP (Google's idea, duh, like evil HTML5) with basically a less secure TCP, a dream come true for every hacker out there. They talk about some nonsense, like UDP being unreliable. I do not recall a single UDP packet ever being lost, we are not in the 90s anymore, but they need some excuse to bring this new hell upon us.


 
