Spitfire
Active Member
Greetings:
Tonight I introduce the initialism DoH (DNS over HTTPS). This is a scheme which uses HTTPS/SSL to resolve your DNS lookups. For the uninitiated, DNS is a distributed database which maps internet names to addresses. For example,
Code:
brain:~ pinky$ dig +short forums.somd.com.
67.225.185.69
brain:~ pinky$
Instead of using the DNS servers of your ISP (or your enterprise), the name lookups are tunneled over HTTPS/SSL to CloudFlare to use their public DNS server at 1.1.1.1. Up until now, this behavior has been optional to enable, but starting with Firefox 74.0beta, released today, this behavior is enabled by default. It is important to note this default behavior can be turned off, but you have to go out of your way to do so.
I do not post this to spread FUD or convince you, the reader, that you should care about this. The reality is that CloudFlare is a decent company, very concerned with privacy and I think the intent is pure, to keep your ISP (or authoritarian governments) from peeking at your DNS lookup to build data against you.
Many users will not care and perhaps that's fine. But if this introduction leaves you with more questions, please look into it. Or ask here. But many enterprises should probably care because this can cause information leakage. You probably do not want someone outside of your organization to know what names your employees are looking up. DoD is hip to this; I think they will deploy this (where Firefox is used/allowed) with this feature disabled.
Anyway, here are a few links to peruse.
https://blog.mozilla.org/blog/2020/...bring-dns-over-https-by-default-for-us-users/
https://en.wikipedia.org/wiki/Cloudflare
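For the enterprise concern raised in the post above, an added example (not part of the original post): a Python audit of a Firefox profile's `prefs.js` text for the DoH preferences `network.trr.mode` and `network.trr.uri`. The sample profile contents, the resolver URL and the function names are constructed for illustration.

```python
import re

# Meaning of network.trr.mode values (1 and 4 are reserved).
TRR_MODES = {
    0: "default: Firefox decides, DoH may be enabled by rollout",
    2: "DoH first, falls back to the system resolver",
    3: "DoH only",
    5: "off by explicit choice",
}
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed prefs.js contents for three hypothetical profiles.
SAMPLES = {
    "pinned_off": 'user_pref("network.trr.mode", 5);\n',
    "doh_on": '// Mozilla User Preferences\n'
              'user_pref("network.trr.mode", 2);\n'
              'user_pref("network.trr.uri", "https://doh.example.net/dns-query");\n',
    "unpinned": 'user_pref("browser.startup.page", 3);\n',
}

def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line; skip the rest."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything unparseable
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]          # string pref
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"      # boolean pref
        else:
            prefs[name] = int(raw) if raw.lstrip("-").isdigit() else raw
    return prefs

def doh_status(text):
    """Classify a profile: 'off', 'on', or 'unpinned' (left to browser default)."""
    prefs = parse_prefs(text)
    mode = prefs.get("network.trr.mode", 0)
    verdict = "off" if mode == 5 else "on" if mode in (2, 3) else "unpinned"
    return {"mode": mode, "verdict": verdict,
            "meaning": TRR_MODES.get(mode, "reserved or unknown"),
            "resolver": prefs.get("network.trr.uri", "")}

if __name__ == "__main__":
    for profile, text in SAMPLES.items():
        print(profile, doh_status(text))
```

An "unpinned" profile is the case the post describes: nothing is set locally, so the lookup path depends on whatever default the installed Firefox build ships with.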