
Google Chrome Joins Firefox – Soft Defaults to DNS over HTTPS

Wednesday, May 20th, 2020 (12:49 pm) - Score 9,448

The latest version (v83) of Google’s popular Chrome website browser has finally made its new ‘Secure DNS’ feature available to all, which by “default … will automatically upgrade you” to use their DNS-over-HTTPS (DoH) service. But in order to placate concerns it only does this if your current broadband ISP supports it.

At present most Domain Name System (DNS) requests, which turn Internet Protocol (IP) addresses into human readable domain names like ISPreview.co.uk and back again, are still unencrypted and this makes it easy for your internet service provider to snoop, filter (e.g. block websites / parental controls etc.) and even optimise some aspects of your internet connectivity (e.g. better direction of traffic for Content Delivery Networks etc.).

By comparison the DNS-over-HTTPS (DoH) system encrypts DNS requests by sending them over the common HTTPS protocol for websites. On the one hand this is a welcome security and privacy improvement. On the other hand big ISPs and governments are concerned that wide-scale adoption by major third-parties (e.g. website browser software that enables it by default) could disrupt some of their services (as above).

Mozilla’s rival Firefox browser initially took most of the flak for this approach after they introduced a Cloudflare based DoH system by default in the USA, although concerns raised by ISPs and the UK Government later resulted in them saying that they had “no plans” to do the same over here (here). But you can still optionally enable it or choose a custom DoH server.

We’ve covered all of this quite a lot before (here and here) and at one point the ISPA even controversially labelled Mozilla as an “Internet Villain” for their aspiration to enable the feature by default (i.e. taking DNS requests away from ISPs and making it harder to intercept them in the traffic flow), which was promptly withdrawn following a backlash (here).

Now it’s Chrome’s turn to enter the fray, which is arguably much more significant given their status as the largest web browser. However, the approach taken by Google is a softer one, which only enables DoH (Secure DNS) if your current internet provider supports it.

Google’s Statement for Chrome v83

We’re also launching Secure DNS, a feature designed to improve your security and privacy while browsing the web. When you access a website, your browser first needs to determine which server is hosting it, using a step known as a “DNS (Domain Name System) lookup.” Chrome’s Secure DNS feature uses DNS-over-HTTPS to encrypt this step, thereby helping prevent attackers from observing what sites you visit or sending you to phishing websites.

By default, Chrome will automatically upgrade you to DNS-over-HTTPS if your current service provider supports it. You can also configure a different secure DNS provider in the Advanced security section, or disable the feature altogether.

At present none of the major broadband providers have launched their own DoH solution to replace unencrypted DNS, although BT have conducted trials (here) and so have some smaller providers like AAISP (here). Much like Firefox, users of Google’s Chrome browser can also optionally add their own choice of DoH server to the browser and use that if they prefer.

Naturally ISPs that don’t need to filter, manipulate or snoop on DNS traffic will find it much easier to establish their own DoH solutions in the future. In the meantime if you do choose to enable DoH then just remember that it may break certain features on the bigger broadband and mobile operators, some of which may have a negative impact on your experience, but you can always disable it if that happens.

By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England). He also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments.
Comments
9 Responses
  1. joe says:

    Kinda feel C ought to tell you if it doesn’t.

    “By default, Chrome will automatically upgrade you to DNS-over-HTTPS if your current service provider supports it.”

    1. Gavin says:

      There must be a way to tell inside Chrome if it’s not using DoH?

      The Chrome approach seems extremely weak. If I was to alter the setting and my ISP doesn’t support it then I assume it wouldn’t work?

    2. Andrew Campling says:

      @Gavin
      The auto-upgrade facility is intended to work with participating DNS resolvers, so will not affect the vast majority of connections just yet. And it won’t work with ISPs that use CPE-based DNS forwarders with private IP addresses at the moment – a technical proposal for this has recently been developed and put forward for consideration by client software developers including Google.

      It does have a significant advantage over the auto-upgrade approach used by Mozilla in North America though in that it will not move you to a different DNS operator without your knowledge. This should ensure that any additional capabilities that your DNS operator provides, such as malware filtering or parental controls will be unaffected.

      You will of course be able to manually set your preferred DNS option if the auto-upgrade isn’t to your liking. Or you can wait for DoH support in Windows 10, which is currently available for testing through the Windows Insider programme.

  2. joe says:

    @gavin there must be but not in a way any casual user would know.

    https://1.1.1.1/help will obviously tell you but that’s not much help.

  3. Mike says:

    Or just use a VPN and forget all about it.

    1. Spurple says:

      Lol. Keep telling yourself that.

  4. alex says:

    Glad to see this has finally been added

  5. Kaitlyn says:

    So, I’ve used Google’s public DNS for 8 years now, setting it in my router so that I don’t need to do it on all of my devices. Does that mean I would get DoH, or no?

    Funnily enough, the reason I switched away from my ISP’s service at the time wasn’t privacy concerns or anything of the sort, but rather that their DNS service would just start timing out once every week or so, usually at the weekend.

    Even though I’ve switched ISPs multiple times since then, I still just use 8.8.8.8 because it’s much simpler overall, and I don’t really want to give myself the hassle of seeing if similar availability problems show up either.

    1. Andrew Campling says:

      @Kaitlyn
      Whether you will automatically be moved to DoH when using Chrome depends on your setup and that of your ISP.

      Your router may well be acting as a DNS forwarder, using a private IP address, an IPv6 link local or unique local address. If so, any hosts in your local network will be configured with a DNS resolver of the IP address of your router rather than the actual public IP address of the ISP resolver.

      If that is how your setup works then the auto-upgrade mechanism used in Chrome will not function because the browser software has no specific information about the actual resolver being used in order to determine whether to move to DoH.

      As I said, it all depends, but I doubt you’ll benefit from the auto-upgrade approach and will need to amend the settings in Chrome – you’ll have to do this for any other relevant applications software anyway until Windows 10 adds support for DoH in the full release. This is one of the disadvantages of applications determining DNS settings rather than relying on the operating system.
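
The same-provider check discussed in the comments above can be modelled as follows. This is an added example, not Chrome's code and not part of the original page: the resolver-to-endpoint table is a constructed sample rather than Chrome's own list, and the function names and sample input are assumptions.

```python
import ipaddress

# Constructed sample table (NOT Chrome's list): a resolver's plain-DNS address
# mapped to the DoH endpoint run by the same operator.
SAME_PROVIDER_DOH = {
    "8.8.8.8": "https://dns.google/dns-query",
    "8.8.4.4": "https://dns.google/dns-query",
    "1.1.1.1": "https://cloudflare-dns.com/dns-query",
}

# Ranges that identify a local forwarder (e.g. a home router), not an operator:
# loopback, RFC 1918 private, IPv4/IPv6 link-local, IPv6 unique local.
FORWARDER_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# Constructed resolv.conf-style input covering the cases in the thread.
SAMPLE = """\
# constructed sample
nameserver 192.168.1.1      # home router acting as DNS forwarder
nameserver fe80::1%eth0     # router's IPv6 link-local address
nameserver 8.8.8.8          # public resolver configured on the host itself
nameserver 203.0.113.53     # placeholder for a resolver absent from the table
"""


def nameservers(resolv_conf: str) -> list:
    """Extract nameserver addresses, ignoring comments and other options."""
    found = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found


def classify(server: str) -> tuple:
    """Return (verdict, doh_endpoint_or_None) for one configured resolver."""
    ip = ipaddress.ip_address(server.split("%", 1)[0])  # drop IPv6 zone id
    if any(ip in net for net in FORWARDER_NETS):
        return ("local-forwarder", None)   # real upstream operator is hidden
    endpoint = SAME_PROVIDER_DOH.get(str(ip))
    return ("upgrade", endpoint) if endpoint else ("unknown-resolver", None)


def audit(resolv_conf: str) -> dict:
    return {server: classify(server) for server in nameservers(resolv_conf)}
```

A host that only sees its router's address is reported as `local-forwarder`, even when the router itself forwards to 8.8.8.8, so its lookups stay unencrypted unless a DoH provider is set manually.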
