In June, Google announced that its DNS Over HTTPS (DoH) service is officially available. DoH wraps domain name queries into a DNS server with a secure, encrypted HTTPS connection, making it impossible for eavesdroppers to access the query. It is one of several emerging Internet protocols designed to narrow the gap between online communication security and privacy. Both Google and the Mozilla are testing the deal, and Mozilla just said that it will launch DoH to Firefox users by the end of the month.
DoH will soon appear in the Chrome browser, and the official announcement on the Chromium blog says that Chrome 78 is experimenting with DoH. “More concretely, the experiment in Chrome 78 will check if the user’s current DNS provider is among a list of DoH-compatible providers, and upgrade to the equivalent DoH service from the same provider. If the DNS provider isn’t in the list, Chrome will continue to operate as it does today. The providers included in the list were selected for their strong stance on privacy and security, as well as the readiness of their DoH services, and also agreed to participate in the experiment. The goals of this experiment are to validate our implementation and to evaluate the performance impact,” said Chrome product manager Kenji Baheux.
This lab covers only a small percentage of Chrome users and will run on all supported platforms (except Linux and iOS). “If DoH fails, Chrome will revert to the provider’s regular DNS service. Opting-out of the experiment will be possible from Chrome 78 by disabling the flag at chrome://flags/#dns-over-https.”