» ISP News » 

Google Chrome Joins Firefox – Soft Defaults to DNS over HTTPS

Wednesday, May 20th, 2020 (12:49 pm) - Score 9,000

The latest version (v83) of Google’s popular Chrome website browser has finally made its new ‘Secure DNS’ feature available to all, which by “default … will automatically upgrade you” to use their DNS-over-HTTPS (DoH) service. But in order to placate concerns it only does this if your current broadband ISP supports it.

At present most Domain Name System (DNS) requests, which turn Internet Protocol (IP) addresses into human readable domain names like ISPreview.co.uk and back again, are still unencrypted and this makes it easy for your internet service provider to snoop, filter (e.g. block websites / parental controls etc.) and even optimise some aspects of your internet connectivity (e.g. better direction of traffic for Content Delivery Networks etc.).

By comparison the DNS-over-HTTPS (DoH) system encrypts DNS requests by sending them over the common HTTPS protocol for websites. On the one hand this is a welcome security and privacy improvement. On the other hand big ISPs and governments are concerned that wide-scale adoption by major third-parties (e.g. website browser software that enables it by default) could disrupt some of their services (as above).

Mozilla’s rival Firefox browser initially took most of the flak for this approach after they introduced a Cloudflare based DoH system by default in the USA, although concerns raised by ISPs and the UK Government later resulted in them saying that they had “no plans” to do the same over here (here). But you can still optionally enable it or choose a custom DoH server.

We’ve covered all of this quite a lot before (here and here) and at one point the ISPA even controversially labelled Mozilla as an “Internet Villain” for their aspiration to enable the feature by default (i.e. taking DNS requests away from ISPs and making it harder to intercept them in the traffic flow), which was promptly withdrawn following a backlash (here).

Now it’s Chrome’s turn to enter the fray, which is arguably much more significant given their status as the largest web browser. However, the approach taken by Google is a softer one, which only enables DoH (Secure DNS) if your current internet provider supports it.

Google’s Statement for Chrome v83

We’re also launching Secure DNS, a feature designed to improve your security and privacy while browsing the web. When you access a website, your browser first needs to determine which server is hosting it, using a step known as a “DNS (Domain Name System) lookup.” Chrome’s Secure DNS feature uses DNS-over-HTTPS to encrypt this step, thereby helping prevent attackers from observing what sites you visit or sending you to phishing websites.

By default, Chrome will automatically upgrade you to DNS-over-HTTPS if your current service provider supports it. You can also configure a different secure DNS provider in the Advanced security section, or disable the feature altogether.

At present none of the major broadband providers have launched their own DoH solution to replace unencrypted DNS, although BT have conducted trials (here) and so have some smaller providers like AAISP (here). Much like Firefox, users of Google’s Chrome browser can also optionally add their own choice of DoH server to the browser and use that if they prefer.

Naturally ISPs that don’t need to filter, manipulate or snoop on DNS traffic will find it much easier to establish their own DoH solutions in the future. In the meantime if you do choose to enable DoH then just remember that it may break certain features on the bigger broadband and mobile operators, some of which may have a negative impact on your experience, but you can always disable it if that happens.

Leave a Comment
9 Responses
  1. Avatar joe says:

    Kinda feel C ought to tell you if it doesn’t.

    “By default, Chrome will automatically upgrade you to DNS-over-HTTPS if your current service provider supports it.”

    1. Avatar Gavin says:

      There must be a way to tell inside Chrome if its not using DoH ?

      The Chrome approach seems extremely weak. If I was to alter the setting and my ISP doesnt support it then I assume it wouldn’t work?

    2. Avatar Andrew Campling says:

      The auto-upgrade facility is intended to work with participating DNS resolvers, so will not affect the vast majority of connections just yet. And it won’t work with ISPs that use CPE-based DNS forwarders with private IP addresses at the moment – a technical proposal for this has recently been developed and put forward for consideration by client software developers including Google.

      It does have a significant advantage over the auto-upgrade approach used by Mozilla in North America though in that it will not move you to a different DNS operator without your knowledge. This should ensure that any additional capabilities that your DNS operator provides, such as malware filtering or parental controls will be unaffected.

      You will of course be able to manually set your preferred DNS option if the auto-upgrade isn’t to your liking. Or you can wait for DoH support in Windows 10, which is currently available for testing through the Windows Insider programme.

  2. Avatar joe says:

    @gavin there must be but not in a way any casual user would know. will obviously tell you but thats not much help.

  3. Avatar Mike says:

    Or just use a VPN and forger all about it.

    1. Avatar Spurple says:

      Lol. Keep telling yourself that.

  4. Avatar alex says:

    Glad to see this has finally been added

  5. Avatar Kaitlyn says:

    So, I’ve used Google’s public DNS for 8 years now, setting it in my router so that I don’t need to do it on all of my devices. Does that mean I would get DoH, or no?

    Funnily enough, the reason I switched away from my ISP’s service at the time wasn’t privacy concerns or anything of the sort, but rather that their DNS service would just start timing out once every week or so, usually at the weekend.

    Even though I’ve switched ISPs multiple times since then, I still just use because it’s much simpler overall, and I don’t really want to give myself the hassle of seeing if similar availability problems show up either.

    1. Avatar Andrew Campling says:

      Whether you will automatically be moved to DoH when using Chrome depends on your setup and that of your ISP.

      Your router may well be acting as a DNS forwarder, using a private IP address, an IPv6 link local or unique local address. If so, any hosts in your local network will be configured with a DNS resolver of the IP address of your router rather than the actual public IP address of the ISP resolver.

      If that how your setup works then the auto-upgrade mechanism used in Chrome will not function because the browser software has no specific information about the actual resolver being used in order to determine whether to move to DoH.

      As I said, it all depends, but I doubt you’ll benefit from the auto-upgrade approach and will need to amend the settings in Chrome- you’ll have to do this for any other relevant applications software anyway until Windows 10 adds support for DoH in the full release. This is one of the disadvantages of applications determining DNS settings rather than relying on the operating system.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheapest Superfast ISPs
  • Vodafone £22.00
    Avg. Speed 35Mbps, Unlimited
    Gift: None
  • Hyperoptic £22.00
    Avg. Speed 50Mbps, Unlimited
    Gift: None
  • Onestream £22.49 (*29.99)
    Avg. Speed 45Mbps, Unlimited
    Gift: None
  • xln telecom £22.74 (*47.94)
    Avg. Speed 66Mbps, Unlimited
    Gift: None
  • Plusnet £22.99 (*36.52)
    Avg. Speed 36Mbps, Unlimited
    Gift: £55 Reward Card
Prices inc. Line Rental | View All
The Top 20 Category Tags
  1. FTTP (2812)
  2. BT (2791)
  3. FTTC (1790)
  4. Building Digital UK (1759)
  5. Politics (1687)
  6. Openreach (1641)
  7. Business (1454)
  8. FTTH (1341)
  9. Statistics (1250)
  10. Mobile Broadband (1249)
  11. 4G (1076)
  12. Fibre Optic (1071)
  13. Wireless Internet (1035)
  14. Ofcom Regulation (1028)
  15. Virgin Media (1017)
  16. EE (708)
  17. Vodafone (680)
  18. Sky Broadband (674)
  19. TalkTalk (672)
  20. 5G (534)
Helpful ISP Guides and Tips

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact