DNS over HTTPS: things to consider when you go “private”

Currently reading
DNS over HTTPS: things to consider when you go “private”

What it means for privacy, security, and parental controls, and whether there’s a way to have them all. The term “DNS over HTTPS (DoH)” has been hitting the headlines in the past month: Google announced its general availability in June, and in July, Mozilla was nominated for “2019 Internet Villains” by the UK Internet Services […]

Continue reading...
- - -
Source: blog.synology.com
 
727
263
NAS
DS216+II, DS118, DS718+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. Android
But they won't intruduce this feature in the DNS package on DSM? I run DNS on my NAS'es instead of my routers..
 

Telos

Subscriber
2,004
666
NAS
DS418play, DS213j, DS3622+, DSM 7.1.4-11091
It's great for malware... buries its DNS calls in https. For me, I use DNS over TLS. Seems sufficient.
 
142
31
jonohunt.design
NAS
DS1019+, DS218+, DS416play, unRAID
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Linux
  2. macOS
  3. other
Mobile operating system
  1. iOS
I hadn't heard of 'DNS over HTTPS' before.

I'm using AdGuard on my Synology via Docker, and my router (RT2600ac) now has 1.2.3 installed.

Does anyone know if enabling DNS over HTTPS on my router could cause problems when also run with AdGaurd? (Or vice versa)
 

Rusty

Moderator
NAS Support
4,601
1,327
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
I hadn't heard of 'DNS over HTTPS' before.

I'm using AdGuard on my Synology via Docker, and my router (RT2600ac) now has 1.2.3 installed.

Does anyone know if enabling DNS over HTTPS on my router could cause problems when also run with AdGaurd? (Or vice versa)
It won't. I have the same setup and there is no problem. ADGuard runs on DoH already anyways
 
142
31
jonohunt.design
NAS
DS1019+, DS218+, DS416play, unRAID
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Linux
  2. macOS
  3. other
Mobile operating system
  1. iOS
Ah, good to know. Thanks.

ADGuard runs on DoH already anyways

If that's the case then would there be any benefit in enabling it? (If AdGuard is already running on DoH)
 

Rusty

Moderator
NAS Support
4,601
1,327
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
well if your entire lan is running via adguard, then no.
 
142
31
jonohunt.design
NAS
DS1019+, DS218+, DS416play, unRAID
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Linux
  2. macOS
  3. other
Mobile operating system
  1. iOS
Yeah, it does. Thanks for clarifying that (y)
 
129
55
NAS
2x DS920+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Linux
  2. macOS
  3. Windows
  4. other
Mobile operating system
  1. iOS
Not if you choose Cloudflare. ;-)
 
129
55
NAS
2x DS920+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Linux
  2. macOS
  3. Windows
  4. other
Mobile operating system
  1. iOS
Don't use DoH.

Use DoT.
Care to provide any reasoning for this?

its amusing how some people are getting worked up about this. If folk are pointing upstream to Google DNS, be that DOH or not, then Google already will have their browsing history.

Thats why I chose to trust Cloudflare (with DoH) over the folks at Mountain View.

Alternatively roll your own DNS server and point it to root servers. Less snooping, less protection, but no-one but you collecting your DNS request logs.
 
22
1
Router
  1. RT2600ac
Correct! Apparently if DoH is enabled the DNS values in Internet settings will be ignored (see this reddit post).
Thanks

Oh gosh how distracted I am!
Not sure if it showed before but when you enable DOH there's a warning message that the DNS will change (please see pic attached) :)
 

Attachments

  • syno forum.png
    syno forum.png
    161.5 KB · Views: 135
22
1
Router
  1. RT2600ac
Should we please consider somehow link (or move perhaps) this thread into the Router section?
I think it may interest more people ;)
Thanks
 
129
55
NAS
2x DS920+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Linux
  2. macOS
  3. Windows
  4. other
Mobile operating system
  1. iOS
The article seems to make two points:

1) For enterprises DoH is bad because it reduces monitoring visibility and makes control harder
2) It's not a magic bullet for security / anonymity

...well 'Duh' to both those points. but for the average home / SoHo user, the former isn't relevant, and the latter should be obvious, as there aren't any magic bullets where security is concerned - it's a constantly evolving battleground.

Making Requests - Cloudflare Resolver is the better article. I also notice that CloudFlare's DoH resolver supports DoT.

Definitely agree that DoT is a better solution than DoH, but only the latter is currently doable in SRM.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Thank you for the answers. It is runninig now without that one line. Will look later if I really need this.
Replies
28
Views
5,948
I guess it’s only Tomato and DD-WRT firmware then with such support at the moment! I’ve dabbled with them...
Replies
2
Views
2,569
I've configured the OpenVPN server in SRM (in vpn plus server), and I've checked the 'allow clients to...
Replies
0
Views
432
Yep, thats what I'm doing as wel. Would be nice if Synology would come up with something like Microsoft IPAM.
Replies
6
Views
895
Replies
2
Views
2,593

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Top