dabigm
ULTIMATE Member
So I've been increasingly interested in using DNS over HTTPS as I feel it provides another level of security on the interwebs. I also use a VPN (I won't mention who, this isn't an advert / spam for VPN providers).
A problem arose in that with my VPN provider, and I'm going to assume with most of them, my Cloudflare DNS settings that my home router hands out are overwritten by the VPN client. I contacted my VPN provider (who are really good with support, and answer with really good useful feedback) and they responded to my question about using custom DNS with:
It won't be possible, as when you're using our VPN, [redacted, name of VPN provider] DNS overrides other DNS.
As we follow a strict no logs policy, this DNS change helps us follow it.
But that answer didn't sit well with me. I understand they're trying to make an effort to make you use their DNS servers to stop leaks, but I want to use my own, and as the title suggests, I want to use DoH/DNS over HTTPS.
So here's my sort of solution.
In Chrome, click the 3 dots menu, and go to Settings > Security > Advanced and click the button to enable "Use Secure DNS". Select With and choose Cloudflare (you can also choose OpenDNS, Google, Custom etc., but the DNS provider must obviously support DoH). I noticed that I had to click again on Cloudflare as it seemed to not keep the setting after enabling it.
In Firefox:
Go to the menu > Options > General > Network settings and click the "Settings" button
At the bottom of the page, click "Enable DNS over HTTPS" and choose your provider from the list
And there you have it. DNS over HTTPS ... even when your VPN provider says it's "not possible". Of course this only works in browsers, the rest of your network / other apps besides browsers will not use it ... but I think this covers the main use for VPNs.
To test it works, visit https://1.1.1.1/help (assuming you are using Cloudflare I guess)
and you should see
Considering ISPs will now probably all start logging just about everything, this seems like a good solution to me. My VPN connects automatically when I start the computer, and has a kill switch that will disable my internet connection if the VPN isn't active, but now I also have the peace of mind that my DNS is over HTTPS and goes with who I want it to go with.
So if you want DoH, and you want VPN, here's a more or less "solution" to the problem of them dictating who your DNS provider is.
The recent article on this site on ISPs spying on you prompted me to look up the "Investigatory Powers Act 2016" and just who can access your internet connection records, without a warrant ... suffice it to say I was pretty surprised to learn that even the Food Standards Agency can request your internet connection logs without a warrant...
Full list here: Investigatory Powers Act 2016 - Wikipedia (en.wikipedia.org)
I hope this helps.