Mozilla this week announced plans to gradually roll-out DNS-over-HTTPS (DoH) in Firefox starting this month, though only users in the United States will receive it in the beginning.
The DoH protocol was designed to enhance overall security of Internet users by sending DNS queries and getting DNS responses over HTTP using TLS security, which improves both integrity and confidentiality.
Mozilla first started working on the DoH protocol in 2017 and has been experimenting the protocol’s deployment in Firefox since June 2018. At the moment, over 70,000 users have already enabled DoH in their stable versions of Firefox, the browser maker says.
The Internet organization also notes that experiments have demonstrated that their service is reliable and delivers good performance, that deployment problems can be detected and mitigated, and that most users will benefit from the greater protections of encrypted DNS traffic.
“We feel confident that enabling DoH by default is the right next step. When DoH is enabled, users will be notified and given the opportunity to opt out,” Mozilla notes.
What the browser maker has learned was that Firefox users in the United States rarely configured OpenDNS’ parental controls and Google’s safe-search feature (only 4.3% of users in the study did) and that 9.2% of users triggered a split-horizon heuristics (accessed websites had domains with non-public suffixes or domain lookups returned both public and private IP addresses).
Moving forth, Mozilla plans on deploying DoH in fallback mode, meaning that Firefox will fall back and use the default operating system DNS if domain name lookups using DoH fail or if heuristics are triggered.
“This means that for the minority of users whose DNS lookups might fail because of split horizon ..
Support the originator by clicking the read the rest link below.
