DNS over HTTPS: things to consider when you go “private”

Synology RSS · 24. Jul 2019

What it means for privacy, security, and parental controls, and whether there’s a way to have them all. The term “DNS over HTTPS (DoH)” has been hitting the headlines in the past month: Google announced its general availability in June, and in July, Mozilla was nominated for “2019 Internet Villains” by the UK Internet Services […]

Continue reading...
- - -
Source: blog.synology.com

Rusty · 24. Jul 2019

Guess we are waiting for SRM 1.2.3

Shadow · 28. Jul 2019

But they won't intruduce this feature in the DNS package on DSM? I run DNS on my NAS'es instead of my routers..

Telos · 29. Jul 2019

It's great for malware... buries its DNS calls in https. For me, I use DNS over TLS. Seems sufficient.

jono · 30. Jul 2019

I hadn't heard of 'DNS over HTTPS' before.

I'm using AdGuard on my Synology via Docker, and my router (RT2600ac) now has 1.2.3 installed.

Does anyone know if enabling DNS over HTTPS on my router could cause problems when also run with AdGaurd? (Or vice versa)

Rusty · 30. Jul 2019

jono said:
I hadn't heard of 'DNS over HTTPS' before.

I'm using AdGuard on my Synology via Docker, and my router (RT2600ac) now has 1.2.3 installed.

Does anyone know if enabling DNS over HTTPS on my router could cause problems when also run with AdGaurd? (Or vice versa)

It won't. I have the same setup and there is no problem. ADGuard runs on DoH already anyways

jono · 30. Jul 2019

Ah, good to know. Thanks.

Rusty said:
ADGuard runs on DoH already anyways

If that's the case then would there be any benefit in enabling it? (If AdGuard is already running on DoH)

Rusty · 30. Jul 2019

well if your entire lan is running via adguard, then no.

jono · 30. Jul 2019

Yeah, it does. Thanks for clarifying that

horizonbrave · 9. Aug 2019

Telos said:
I use DNS over TLS. Seems sufficient

Hi, please how do you achieve that?

Telos · 9. Aug 2019

horizonbrave said:
Hi, please how do you achieve that?

2 ways... via Asus router using Merlin firmware, or using Simple DNSCrypt on individual Windows PCs.

horizonbrave · 27. Sep 2019

Rusty said:
well if your entire lan is running via adguard, then no.

Correct! Apparently if DoH is enabled the DNS values in Internet settings will be ignored (see this reddit post).
Thanks

cloverleaf · 29. Sep 2019

do I understand correctly, that if I use it, then instead of my provider, it will be google who will know all my browsing history?

itsjasper · 29. Sep 2019

Not if you choose Cloudflare. ;-)

crkinard · 7. Oct 2019

Don't use DoH.

Use DoT.

itsjasper · 7. Oct 2019

crkinard said:
Don't use DoH.

Use DoT.

Care to provide any reasoning for this?

its amusing how some people are getting worked up about this. If folk are pointing upstream to Google DNS, be that DOH or not, then Google already will have their browsing history.

Thats why I chose to trust Cloudflare (with DoH) over the folks at Mountain View.

Alternatively roll your own DNS server and point it to root servers. Less snooping, less protection, but no-one but you collecting your DNS request logs.

horizonbrave · 10. Oct 2019

horizonbrave said:
Correct! Apparently if DoH is enabled the DNS values in Internet settings will be ignored (see this reddit post).
Thanks

Oh gosh how distracted I am!
Not sure if it showed before but when you enable DOH there's a warning message that the DNS will change (please see pic attached)

horizonbrave · 10. Oct 2019

Should we please consider somehow link (or move perhaps) this thread into the Router section?
I think it may interest more people

Thanks

horizonbrave · 12. Oct 2019

itsjasper said:
Care to provide any reasoning for this?

Today I bumped into this article, maybe he/she was just referring to one of those points (interesting reading for the ignorant me by the way).

itsjasper · 13. Oct 2019

The article seems to make two points:

1) For enterprises DoH is bad because it reduces monitoring visibility and makes control harder
2) It's not a magic bullet for security / anonymity

...well 'Duh' to both those points. but for the average home / SoHo user, the former isn't relevant, and the latter should be obvious, as there aren't any magic bullets where security is concerned - it's a constantly evolving battleground.

Making Requests - Cloudflare Resolver is the better article. I also notice that CloudFlare's DoH resolver supports DoT.

Definitely agree that DoT is a better solution than DoH, but only the latter is currently doable in SRM.

DNS over HTTPS: things to consider when you go “private”

Currently reading
DNS over HTTPS: things to consider when you go “private”

Synology RSS

Rusty

Shadow

Telos

jono

Rusty

jono

Rusty

jono

horizonbrave

Telos

horizonbrave

cloverleaf

itsjasper

crkinard

itsjasper

horizonbrave

Attachments

horizonbrave

horizonbrave

itsjasper

Similar threads

Trending threads

Forum statistics

DNS over HTTPS: things to consider when you go “private”

Currently reading DNS over HTTPS: things to consider when you go “private”

Attachments

Similar threads

Currently reading
DNS over HTTPS: things to consider when you go “private”