Google for DOH ?

Hello,

I have reported it and I ask you to do the same, because I have found out that the DoH service checks whether the DoH works by calling "google.com", and if it doesn't work or respond it says "check if ...". I don't think a Microsoft product can call a Google domain for any reason; I think Edge must try its connection to a Microsoft domain.

Even when it comes to trying the internet connection.

20 Replies
Not sure what you are talking about exactly, it's vague.
DoH services don't need to check Google.

What are the exact reproducing steps?

@HotCakeX First you forbid the DoH to resolve the google.com domain; after that you flush all DNS caches in the DoH and on your computer, and you restart the browser.

You enter your DoH in Edge settings and read your log (from the DoH), and you will see:

image.png

 

And in Edge it will refuse your DoH with the error:

image.png

 

How to forbid DoH to resolve the google.com domain? You mean blocking google.com in the Windows hosts file?

I sometimes see that error message but after a few seconds it disappears. I use Cloudflare DNS.

"after that you flush all dns caches in the doh,"
You mean running the ipconfig /flushdns command in Windows or something else?

No, actually it happens if you have control of the DoH (it's my case) and with a config error (I had blocked google instead of adsense.google.com); I saw that my DoH didn't work anymore.
So to reproduce you must have a DoH server under your control (you can try with NextDNS and block google.com).
For the record, I use this DoH that I created with AdGuard Home to enhance my add-on (by blocking the Google domain, I can "try" the next version of my extension, which "intercepts" and redirects Google CDN content to another CDN; for testing I use Cloudflare, but it can change to Azure CDN).
And I think Microsoft has forgotten to change the DoH testing from Google to Microsoft.
In that case I hope they get all the details in this thread in order to understand the problem and find a way to fix it.
They have the source code, so if I report "if Google is blocked on the DoH server, the DoH server is refused by Edge; why do you use Google and not Microsoft?", the dev can check directly in the source code the URL used for validation.
And they must have a tool to easily block a specific URL to the browser for testing a report.
Yeah, I just hope they understand it easily in one report, because when I first read it, I didn't know exactly what was going on
https://techcommunity.microsoft.com/t5/networking-blog/windows-insiders-can-now-test-dns-over-https/...

Just to let you know that there is a Google DNS server and Edge has it prelisted as well. I don't see why it can't? Since people use Google.

I will try my best to simplify what the bug is.
So imagine you want to add your own DoH provider that filters ads; I will name it dns.lol.com.
Now imagine that dns.lol.com blocks google.com too, because the owner of lol.com is Chinese and he can't use google.com, so he prefers to block it totally.
When you manually enter "https://dns.lol.com/dns-query" (don't add it, it's a fictitious URL) in Edge, it will refuse the address, since its test to check whether the DoH works is to resolve google.com.
So I want to tell them to replace google.com (for the resolve test) with a Microsoft-owned domain.

So it is a DNS server that blocks stuff? I don't know how to reproduce this though, cmd prompt???

Tomorrow I will do a step-by-step tutorial to reproduce it; it will be easier for you all to reproduce.

Okay, thank you
"https://techcommunity.microsoft.com/t5/networking-blog/windows-insiders-can-now-test-dns-over-https/...

Just to let you know that there is a Google DNS server and Edge has it prelisted as well. I don't see why it can't? Since people use Google."

That's really not the same thing the OP is talking about. These links can be misleading to the reader.

This is cleaned up now, no need to post a new thread. 

Reminder to be civil and keep threads on topic.

If you see a rule breaking comment, please report it so the moderators can address it. 

I have found out why it can refuse to activate DoH: it's if it responds NXDOMAIN to Google. But it would be nice to use msftconnecttest.com (like W10) for the connectivity testing of the DoH rather than google.com :\
I hope they will not do the same in the Windows 10 version of DoH (because if the OS does DoH, I don't see why you would activate it in the browser ^^).
Thanks for the cleaning ^^
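The check described in the post above, as an added example that is not part of the original thread and is not Edge's code: it builds the DNS wire-format query a DoH client sends (RFC 8484) and classifies a server's reply, so the operator of a filtering resolver can see how a blocked `google.com` looks to a client. That Edge's validation probe is a lookup of `google.com` comes from the poster's report; the function names and the sample responses are constructed for illustration.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1):
    """DNS query in wire format, i.e. the body of an RFC 8484 DoH request."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID 0, RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE (A by default), QCLASS IN

def classify_response(msg):
    """Read the header of a DNS response and report whether the name resolved."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit is clear: this is a query, not a response")
    rcode = flags & 0x000F
    return {"rcode": RCODES.get(rcode, str(rcode)),
            "answers": ancount,
            "resolves": rcode == 0 and ancount > 0}

def make_response(query, rcode, answer=b""):
    """Constructed sample response (stands in for what a DoH server would send)."""
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1
    header = struct.pack("!HHHHHH", 0, flags, 1, 1 if answer else 0, 0, 0)
    return header + query[12:] + answer

# Constructed sample data; 192.0.2.1 is a documentation address, not a real answer.
A_RECORD = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + bytes([192, 0, 2, 1])
PROBE = build_query("google.com")
BLOCKED = make_response(PROBE, 3)            # filtering server answers NXDOMAIN
ALLOWED = make_response(PROBE, 0, A_RECORD)  # server resolves the name

if __name__ == "__main__":
    for label, msg in (("blocked", BLOCKED), ("allowed", ALLOWED)):
        print(label, classify_response(msg))
```

Against a real server, the bytes from `build_query` would be POSTed to the `/dns-query` endpoint with the `application/dns-message` content type and the reply body passed to `classify_response`.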
You can test it in Windows Insider Dev builds right now.
I don't have a DNS server setup at the moment to try it out, I mean I can do that with a virtual Windows server + DNS server role, but need more precise instructions for the reproducing steps :)

Hey Macqael, I still don't understand the issue and how to reproduce. Are you still making the video?