This content is likely not relevant anymore. Try searching or browse recent questions.
This is a heads up about our short term plans for DNS over HTTPS in Chrome (design doc) - please feel free to provide your comments there or on this blog post.
DNS over HTTPS is, as the name implies, a protocol to perform Domain Name System resolution over HTTPS, i.e. converting a site name into an IP address over an encrypted channel.
Most DNS resolution today occurs over an unencrypted channel. This is bad for privacy and for security reasons. Anyone who is on-path can eavesdrop on your browsing habits or even tamper with the resolution to have you navigate to a phishing website or an “access blocked” page for censored sites (see https://tools.ietf.org/html/rfc7626#section-3 for examples).
This is a complex space and our short term plans won’t necessarily solve or mitigate all these issues but are nevertheless steps in the right direction.
For the first milestone, we are considering an auto-upgrade approach. At a high level, here is how this would work:
- Chrome will have a small (i.e. non-exhaustive) table to map non-DoH DNS servers to their equivalent DoH DNS servers. Note: this table is not finalized yet.
- Per this table, if the system’s recursive resolver is known to support DoH, Chrome will upgrade to the DoH version of that resolver. On some platforms, this may mean that where Chrome previously used the OS DNS resolution APIs, it now uses its own DNS implementation in order to implement DoH.
- A group policy will be available so that Administrators can disable the feature as needed.
- Ability to opt-out of the experiment via chrome://flags.
In other words, this would upgrade the protocol used for DNS resolution while keeping the user’s DNS provider unchanged. It’s also important to note that DNS over HTTPS does not preclude its operator from offering features such as family-safe filtering.
We are aiming for an experiment in Chrome 78 (branch cut: Sept 5th; estimated Stable: Oct 22nd) followed by a launch if everything goes well.
This question is locked and replying has been disabled.
This will remove the reply from the Answers section.
Notifications are off
Your notifications are currently off and you won't receive subscription updates. To turn them on, go to Notifications preferences on your Profile page.
Google takes abuse of its services very seriously. We're committed to dealing with such abuse according to the laws in your country of residence. When you submit a report, we'll investigate it and take the appropriate action. We'll get back to you only if we require additional details or have more information to share.
Go to the Legal Help page to request content changes for legal reasons.