Firefox and Cliqz offer DNS over HTTPS

Article for all Cliqz and Firefox users
Difficulty: Very easy
Importance: Improve security and privacy

This is important, and a big plus, but what does it mean?

What is DNS?

DNS stands for Domain Name Server. When you enter steveshank.com in a browser, your browser does not have any idea who or where I am or how to get to my site. There are over 1.7 billion websites, and that is far too many for your browser to track. It sees the ending .com and goes to a Domain Name Server (DNS) for .com addresses and asks it for my address. The DNS server then looks up steveshank.com, and directs the browser to my hosting service, InMotionHosting, which returns my numeric address. Your browser then takes you to that address.

The problem

The problem is that those DNS servers are constantly under attack, and sometimes miscreants intercept your requests. Then you end up with a phony DNS response returning a fake website masquerading as your bank, financial institution or E-mail account. The Internet's design did not consider this as an attack vector, so DNS has been unprotected.

The Solution(s)

There are a few attempts to solve this problem. Probably the most promising is DoH. DoH stands for DNS over HTTPS. It uses the same security methods used to protect your online credit card purchases and banking. I explained how this works here, but essentially, SSL (now TLS) does 3 things:
  1. Verifies the identity of both parties ensuring that there isn’t someone intercepting your requests.
  2. Encrypts the messages, ensuring your privacy.
  3. Ensures the messages are not tampered with. You can't be redirected to a fake site.
What Firefox and Cliqz are doing is using the same security protocols used by your bank or other secure website.

Enabling DoH in Firefox and Cliqz

  • Click the Menu icon on the top right corner
  • Choose Options
  • Choose General
  • Scroll to bottom
  • Under Network Settings choose Settings
  • At the bottom select Enable DNS over HTTPS

That's it. If you are using parental controls and your software controls DNS, then this might cause a problem and you'll need to de-select the option.

Firefox and Cliqz default to using Cloudflare for their DNS server, but let you choose your own provider. Both Google and Quad9 support DoH. I prefer Quad9 because it also protects you from some malware sites. Cloudflare would be my second choice. The time for trusting your ISP to provide your DNS is past.

Date: November 2019

This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.