Is there a plan to implement DNS over HTTPS?

Brass Contributor

I gather it is possible to enable it in Chrome by adding some extra runes on the command line, that didn't appear to work on Edge-dev. I don't have Chrome installed, obviously.

 

Cloudflare has a handy page to test it https://1.1.1.1/help

 

I've had my DNS entry set to 1.1.1.1 for a while now, it seems quick and reliable, in addition to the 65,000 entries in my hosts file (resolving ad servers to 127.0.0.1), web pages load pretty darn quick.

23 Replies
I hope Microsoft adds DoH to the Edge insider too. it's gonna make it more secure.

though using Hosts file to block ads is not a good idea for everyone. totally useless when i use VPN or proxy or anything like that. they can Easily bypass the Windows Hosts file. also hard to keep it updated, everyday a new domain pops up in the list: https://filterlists.com

@HotCakeX Agreed the hosts file isn't the ideal method, its part of a "defence in depth" approach. The advertrivia mongers, scammers and hackers are always always trying something new.

My ideal browser would resolve via DNS over https, load the web page via https after checking the cert in depth - not just expiry date. It would block all tracking cookies, etc etc. The list goes on.

 

I can't do it all myself, I have to rely on browser / OS developers to do it, and not rely on advertising revenue. If that means PAYING for software, fair enough (Gasp shock horror!)

...

@LegacyOfherot 

 

For the sake of security then i hope you're always using the latest Windows version.
the current version of Windows security (a.k.a Microsoft Defender) has got everything needed for any consumer to stay safe.
but you know, using VPN is also very important for security and anonymity.

Microsoft Edge insider is very close to your ideal browser. you can turn on the tracker prevention and set it to balanced, then install ublock origin extension to block ads, malware, malicious links, prevent WebRTC IP leaks, block online embedded crypto miners in websites etc.

the advantage of using ublock origin extension over Hosts file is that it's the best extension in its category, uses the least system resources and can update the filters list with just a press of button. And no VPN or Proxy can bypass that.

it's so good that even TOR has incorporated it into their browser and Tails security OS.

@HotCakeX Yes, I ensure all our PCs are up to date (Windows itself updates, often at inopportune moments.) In a previous life, I was the software dev manager at a small outfit, it was a constant juggle between keeping our machines up to date, while developing software that would run OK on customer's desktops / servers - it took a couple of years to convince one customer to upgrade their browsers from IE7 to IE 9 / 10... Corporate sysadmins are often very resistant to change - if it ain't broke etc.

 

Defender does seem pretty good now, I also worked for Symantec, not in the Norton division, but we did get to try out dogfood versions of Norton 123 etc. I remember having a transatlantic call with a manager in the US as he was driving to work, I suggested they should use more modal dialogs - I sent a screenshot with 30 odd dialogs open, all offering "Ok", "Cancel" and "Save"  buttons... :)

 

I also agree about VPNs - I use Opera quite a lot, with its built-in VPN and private mode, though of course they are now owned by China ltd, so its debatable how secure it is.

Yeah it's been a struggle, though they added more appropriate options in Windows update to have more control over it.

few years ago Windows Defender would be at the bottom of the AV comparison charts but today it sits at top with big players such as Kaspersky which is literally the best. (ignore the lies thrown at that company, they were actually the first one to identify the Stuxnet virus!)

yeah VPNs, just like everything else on the Internet, provides relative security. all you can do is to decide which company (or government) can have your Data. if you reside in the U.S then your ISP (National Security Agency eventually) has access and if you use VPN like Opera's, China will have your data.
now whichever you prefer is merely up to you. the absolute 100% security is unplugging all Internet connected devices and going in the basement :D

@LegacyOfherot 

Hi,

it's been added, Secure DNS or DNS over HTTPS

 

Edge Insider Canary Version 78.0.276.0 (Official build) canary (64-bit)

 

flag name: "Secure DNS lookups"

 

Annotation 2019-09-16 133434.png

 

Hi All,

This browser keeps getting better & better, I used to use UBlock Origin extension HotCakeX mentioned, but now I use this instead : https://adguard.com/en/welcome.html . It's free & you get the 'full' version as a 'trial' for 14 day's, but after that time period, you really don't lose hardly any of the 'important' feature's.

David

@HotCakeX Has this by chance come to the Dev build yet? I'm not seeing that in 79.0.294.1. Just want to make sure I'm not missing something.

Ublock origin is better. unlike other adblockers, ublock origin doesn't get money from ad companies to let their ads slide through and any other dirty tactics.

adguard is useless and charges for the features that are already free in ublock origin.

 

there is nothing you can do in other ad blockers that ublock origin can't already do. it's so good that even TOR company uses it in their secure browser. i'm just stating the facts here hoping no one falls for lies that companies like adguard claim.

 

here is also the site for filters: https://filterlists.com/

they can block a lot more than just ads, including but not limited to bit coin miners embedded in websites, malware etc

 

@geek2point0 

 

Hi,

I just checked in Edge insider Version 79.0.294.1 (Official build) dev (64-bit)

and Secure DNS lookups flag is missing in it.

@HotCakeX that's odd because I see it in my BETA version.

 

edge://flags/#dns-over-https

Version 79.0.309.18

@Zyply I'm on DEV 80.0.320.5 and oddly it's still missing. The only DNS related setting I have is "Anonymize local IPs exposed by WebRTC".

@Zyply 


@Zyply wrote:

@HotCakeX that's odd because I see it in my BETA version.

 

edge://flags/#dns-over-https

Version 79.0.309.18


 

That's normal. what's odd about it?

it was first added in version 78 so it's normal to see it in version 79 too :)

I have it on Version 80.0.331.0 (Official build) canary (64-bit) right now as well

I hope that DoH is going to be implemented in the final release of Microsoft Edge as a standard setting, and not a hidden one. Some marketing of it may be well deserved. :D

Hi,

If you know how to use the experimental 'flags' area, you can already enable it function in there.  edge://flags/

Thanks @Davy49 this is a very old post, it has been available for a month or two (and I've had it enabled since it was introduced.) No issues so far, seems flawless and quick.

@LegacyOfherot I don't even see this option for this in the Flags under Version 84.0.522.44 (Official build) (64-bit) or Version 85.0.564.13 (Official build) dev (64-bit). Is there something that needs to be done to view the flag so that it can be enabled?

@geek2point0 in mine its the first entry in the list: (Edge - dev)

I checked it works using the cloudflare test page (https://1.1.1.1/help)

Its not available in "production" edge as of today.

DNSoverHTTPS.png