DNS over HTTPS

User avatar
BobH
UraniumLounger
Posts: 9218
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: DNS over HTTPS

Post by BobH »

Thank you, Argus!

Should I remove my offending time and temp gadget?
Bob's yer Uncle
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 10 >HPE 64-bit, MS Office 2016

User avatar
Argus
GoldLounger
Posts: 3081
Joined: 24 Jan 2010, 19:07

Re: DNS over HTTPS

Post by Argus »

No, no, I was just adding mixed content pages to the discussion with an example. :smile: As I said I think we all see it every now and then; in this case it's passive content, an animated gif. (Signatures etc. are for the admins to decide; I don't think I've seen or experienced anything offending in the Lounge(s) for almost 20 years. :thumbup:)
Byelingual    When you speak two languages but start losing vocabulary in both of them.

User avatar
BobH
UraniumLounger
Posts: 9218
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: DNS over HTTPS

Post by BobH »

Thanks, again, Argus.

By offending, I didn't mean to imply offensive but that my gadget might be creating an unnecessary vulnerability for a fellow lounger.
Bob's yer Uncle
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 10 >HPE 64-bit, MS Office 2016

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: DNS over HTTPS

Post by StuartR »

BobH wrote:It's time to set a new DNS. First a search to find out how to do that.
Just setting a new DNS server won't help. You need to make sure that you are using an encrypted protocol to the DNS server, otherwise the traffic is transparent to your ISP and then can log everything anyway.

Firefox provides DNS over HTTPS, which encrypts all the DNS traffic from that browser.
You can use a product like DNSCrypt to encrypt all DNS traffic, but this is non-trivial (see https://www.howtogeek.com/203139/how-to ... -browsing/
StuartR


User avatar
BobH
UraniumLounger
Posts: 9218
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: DNS over HTTPS

Post by BobH »

Thanks, Stuart!

I'm using Firefox. I almost never use Chrome or IE. I think I'll hold off exploring DNScrypt but will come back to it.

I went through the process of changing my DNS server to one used by Cloudfare and another from Google. Is there any way to check that those are, in fact, actively being used? I made the changes per a how-to if found. The changes I made were in network settings.
Bob's yer Uncle
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 10 >HPE 64-bit, MS Office 2016

User avatar
HansV
Administrator
Posts: 78241
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: DNS over HTTPS

Post by HansV »

I find Steve Gibson's DNSBench (free) a useful tool.
Best wishes,
Hans

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: DNS over HTTPS

Post by StuartR »

Changes made in network settings can be seen by typing nslookup to a command prompt. Mine is configured by my VPN software and looks like this...
You do not have the required permissions to view the files attached to this post.
StuartR


User avatar
BobH
UraniumLounger
Posts: 9218
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: DNS over HTTPS

Post by BobH »

Hmmm! Mine doesn't look like that. It only shows the name of my wifi network with nothing about DNS
Bob's yer Uncle
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 10 >HPE 64-bit, MS Office 2016

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: DNS over HTTPS

Post by StuartR »

That is probably because your router is providing DNS service to your device. You then need to go back one level to see how the router is configured. It will almost certainly be using the ISP's DNS service.
StuartR


User avatar
BobH
UraniumLounger
Posts: 9218
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: DNS over HTTPS

Post by BobH »

I didn't even know that the router has a DNS setting. When I find it, should I use the same ones I set in the network settings, Cloudfare and Google?
Bob's yer Uncle
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 10 >HPE 64-bit, MS Office 2016

User avatar
HansV
Administrator
Posts: 78241
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: DNS over HTTPS

Post by HansV »

If you specify the DNS in your router, all devices connected to that router will use those settings unless the device has its own settings.
In other words, if you leave the DNS settings in Windows blank, your PC will use the router's DNS.
If you specify different DNS in Windows than in the router, the Windows settings will overrule the router settings.
Best wishes,
Hans

User avatar
BobH
UraniumLounger
Posts: 9218
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: DNS over HTTPS

Post by BobH »

Thanks, Hans!!

I will definitely use the same settings. I'm having problems accessing the DNS settings on my Linksys EA7300 router. Still searching for answers, but if you have any magic dust I will happily be sprinkled with it.

:cheers: :chocciebar: :thankyou:
Bob's yer Uncle
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 10 >HPE 64-bit, MS Office 2016

User avatar
HansV
Administrator
Posts: 78241
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: DNS over HTTPS

Post by HansV »

Enter 192.168.1.1 in your browser's address bar, then press Enter.
This should start the Linksys router's web interface.
See EA7300 DNS for details
Best wishes,
Hans

User avatar
BobH
UraniumLounger
Posts: 9218
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: DNS over HTTPS

Post by BobH »

Knock! Knock! It's me again.

I changed the preferred and secondary DNS server settings in my Linksys router today then logged out and back into it to confirm the changes remained. They did. I used 1.1.1.1 and 1.0.0.4 respectively.

My Windows 10 settings somehow reverted back to automatically choosing - or I didn't set them correctly; so I changed them again today.

I then went to the command prompt and ran nslookup with this result:
nslookup results after changing router sttic DNS addresses.PNG
Does this indicate that I finally have my DNS servers properly set up?
You do not have the required permissions to view the files attached to this post.
Bob's yer Uncle
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 10 >HPE 64-bit, MS Office 2016

User avatar
HansV
Administrator
Posts: 78241
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: DNS over HTTPS

Post by HansV »

That looks OK!
Best wishes,
Hans

User avatar
BobH
UraniumLounger
Posts: 9218
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: DNS over HTTPS

Post by BobH »

Thank you, Hans!

You cannot imagine how many hoops I had to jump through to get the router set then to discover that my Windows settings weren't permanent.

I plan to check tomorrow to be sure everything is still OK.

:cheers: :chocciebar: :thankyou:
Bob's yer Uncle
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 10 >HPE 64-bit, MS Office 2016

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: DNS over HTTPS

Post by StuartR »

Do remember that setting this DNS configuration in your router will NOT give you any additional privacy. Because DNS lookups are not encrypted, your ISP can still log every DNS query that you make.
StuartR


User avatar
BobH
UraniumLounger
Posts: 9218
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: DNS over HTTPS

Post by BobH »

Thanks, Stuart. I do remember that the link is not encrypted, but choosing a different DNS server makes me feel a little better.

Do you have any experience with VPN on a router? I bought this somewhat out-of-date Linksys EA3700 because it can (supposedly) have its firmware flashed to implement VPN in it. I haven't tried it yet. I have a VPN app on my iOS devices but this laptop doesn't have the capacity to run it.
Bob's yer Uncle
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 10 >HPE 64-bit, MS Office 2016

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: DNS over HTTPS

Post by StuartR »

I know that some routers support VPN Bob, but I have never tried it. My experience with VPN is that some web sites won't play nicely with it, so I need to turn it off sometimes while I do something, and then turn it on again.
StuartR


User avatar
BobH
UraniumLounger
Posts: 9218
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: DNS over HTTPS

Post by BobH »

Thanks, Stuart.

My first thought is that I don't want to visit any site that doesn't play well with VPN, but I have no experience of that.
Bob's yer Uncle
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 10 >HPE 64-bit, MS Office 2016