DNS-over-HTTPS: Privacy and Security Concerns

Discussion in 'privacy technology' started by guest, Sep 7, 2019.

  1. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    I run Cloudflare DNS with network adapter.
    Does Edge -> Use Secure DNS -> Choose a service provider -> Cloudflare (1.1.1.1) ...do anything?
    I get the same test results with Use current service provider & Choose a service provider & Use Secure DNS off.
     
    Last edited: Oct 23, 2021
  2. Melionix

    Melionix Registered Member

    Joined:
    Jun 22, 2020
    Posts:
    111
    Location:
    Earth
    "Secure DNS" rarely shows as enabled on their site. It's basically a bug at this point.
     
  3. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Okay....I run Cloudflare DNS with network adapter.
    Does -> Choose a service provider -> Cloudflare (1.1.1.1) do anything ... since, I run Cloudflare DNS with network adapter.
    Thanks
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Just curious. Is there any benefit to using DNS over HTTPS in Firefox if you already have HTTPS-Only Mode in all windows enabled? Also, is there any point to enabling DNS over HTTPS if you are using a secure VPN?
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    I ask because it sounds to me like encrypting the encrypted encryption.
     
  6. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    yes, because they're two different things. the latter just makes sure you're viewing a website thru https and the former just makes sure your dns queries are performed thru https (with a slight overhead).
     
    Last edited: Nov 6, 2021
  7. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    nope. quite the contrary, you should not enable it or your dns queries will be performed thru a third party dns provider's servers instead of your vpn service provider's dns servers.
     
    Last edited: Nov 6, 2021
  8. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    running cf regular dns on your network adapter does not encrypt your system's dns queries. if you enable secure dns in edge, then your dns queries will be encrypted and protected against mitm attacks, say, on public wifi networks or insecure networks.
     
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Ah, OK. I think I've got it now. Thanks for clarifying, Mate. :thumb:
     
  10. nicolaasjan

    nicolaasjan Registered Member

    Joined:
    Sep 23, 2018
    Posts:
    890
    Location:
    The Netherlands
  11. Jan Willy

    Jan Willy Registered Member

    Joined:
    Jan 29, 2021
    Posts:
    226
    Location:
    Netherlands
  12. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Sorry, I was not clear. I'm asking about "Choose a service provider -> Enter custom provider". I run Edge Use secure DNS to specify how to lookup the network address for websites On with Use current service provider -> network adapter 1.1.1.1. Do I also need to Choose a service provider -> Enter custom provider -> Cloudflare (1.1.1.1)
    Since, my current service provider is 1.1.1.1. Do I need to choose a custom service provider -> Cloudflare (1.1.1.1).
    What does "Choose a service provider -> Enter custom provider" -> Cloudflare (1.1.1.1) do with my setup? Use secure DNS On + network adapter 1.1.1.1. Thanks
     
    Last edited: Nov 6, 2021
  13. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,441
    Location:
    Slovakia
    No, Windows DoH actually seems faster. The only benefit of not using it would be that you could disable potentially vulnerable DNS Cache service. But if it is already ON, using browser's DoH could create a potential vulnerability.

    I have browser's DoH disabled by policy, so malware/extension could not enable it at will.
     


  14. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    no problem, dave. :thumb:
     
  15. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    you don't need to enter custom provider unless you wanna use a service provider other than cf.
     
  16. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    So, if I ran my ISP dns resolver - network adapter. Edge has the ability to route my traffic thru a custom provider without me assigning that provider with my network adapter. Does Edge route my traffic for IPv4 and IPv6? Sorry, for being so slow to understand.
     
    Last edited: Nov 6, 2021
  17. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    exactly. your dns queries will be encrypted via https. not your internet traffic, just your dns queries. and this is why you shouldn't use doh while on vpn. all major browsers have it btw, not just edge.
     
  18. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Okay, just hard for me to imagine any browser can proxy my traffic. I imagine routing traffic is via my network.
     
    Last edited: Nov 6, 2021
  19. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    i think you misunderstood my post. i edited my previous post just about the same time you quoted it. so please re-read my previous post.
     
  20. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Okay...light bulb. Just my dns queries.
    Use secure DNS to specify how to lookup the network address for websites.
    Yeah, I was thinking traffic.
    Thanks
     
  21. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    that's right. just your dns queries. that's all. you will not be anonymous, your internet traffic will not be hidden from your isp.
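
What the replies above describe (only the DNS queries travel over HTTPS, nothing else changes), shown as an added example that is not part of any forum post: the same DNS query bytes that classic DNS sends in the clear to UDP port 53 are wrapped in an HTTPS request as specified in RFC 8484. The Cloudflare endpoint URL and the sample name are assumptions for illustration; nothing is sent over the network.

```python
import base64
import struct

# Assumption: Cloudflare's public DoH endpoint; any RFC 8484 resolver URL works the same way.
DOH_ENDPOINT = "https://cloudflare-dns.com/dns-query"


def build_query(name, qtype=1, msg_id=0):
    """Encode a one-question DNS query in wire format (RFC 1035). qtype 1 = A."""
    # RFC 8484 recommends ID 0 so identical queries are cacheable by HTTP caches.
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def parse_question(msg):
    """Read the queried name and type back out of a wire-format query."""
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while msg[pos]:
        length = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return ".".join(labels), qtype


def doh_get_url(query, endpoint=DOH_ENDPOINT):
    """RFC 8484 GET form: the query, base64url-encoded without padding, in ?dns=."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"


def doh_post_request(query, endpoint=DOH_ENDPOINT):
    """RFC 8484 POST form: the raw query bytes are the HTTP request body."""
    headers = {"Content-Type": "application/dns-message",
               "Accept": "application/dns-message"}
    return {"method": "POST", "url": endpoint, "headers": headers, "body": query}


if __name__ == "__main__":
    q = build_query("www.example.com")  # constructed sample name
    print("UDP/53 payload (readable on path):", q)
    print("name recovered by an observer:   ", parse_question(q))
    print("DoH GET (inside TLS to port 443):", doh_get_url(q))
    print("DoH POST body == UDP payload:    ", doh_post_request(q)["body"] == q)
```

With DoH the query name is hidden inside TLS, but the network still sees the connection to the DoH resolver's address and the connections to the sites visited afterwards.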
     
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Since I've recently purchased a subscription to Kaspersky VPN and I'm not seeing any noticeable slowdowns I decided to enable it to connect automatically at Windows start. After understanding the information you've provided I did as you suggested and disabled DNS over HTTPS.

    Thanks again for that valuable info. :thumb:

    Cheers!
     
  23. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    glad to be of help. :thumb:
     
  24. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    just for the record;

    your network devices' (custom) dns settings override your isp's dns servers;

    your system's dns settings override your router's/modem's/ap's (network devices') dns settings;

    your vpn's dns servers (if it's using its own private/custom dns servers*) override your system's dns settings;

    the (secure) dns settings in your browser/client override your system's & vpn's dns settings.

    *some vpn service providers just use public dns servers such as google dns.
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Ah ha! When I checked for leaks with Kaspersky VPN it showed a bunch of Google servers, so that explains why. :thumb:
     