Firefox Browser: Do I Enable or Disable DNS over HTTPS - Which option please?

ih8stress

Hi folks

I know I've asked this question before but have just re-installed Firefox and can't recall what I did last time (I could have sworn I took screenprints of everything but this particular one is missing):

The options are:

Enable DNS over HTTPS using:
Default Protection (Firefox decides when to use secure DNS to protect your privacy)
Increased Protection
Max Protection
Off (use your default DNS resolver)

I HAVE tried to read up on it but as usual anything techie just goes over my head and confuses me even more (not difficult, ha ha).

I'm still on my desktop pc, Windows 10. Installed the latest version of Firefox VERSION 122.01

Hope all you regulars are still around - even if some of you might have changed your names

Thank you in advance

SiliconChip

Just checked mine and it's set to Default Protection.

However, it's not a setting I have ever made myself, I imagine if you don't choose something else then it's set to Default automatically on installation. I have no idea whether any of the other options would make browsing less or more secure.

bat999

Hi

I have...

Enable DNS over HTTPS using:
Increased Protection
Choose provider: Cloudflare (Default)

This test...

Here ---> https://one.one.one.one/help

Shows ---> Using DNS over HTTPS (DoH) - Yes

Neil_Jones

https://support.mozilla.org/en-US/kb/firefox-dns-over-https

if in doubt... Leave it on the detaulf.

ih8stress

Hi

Really appreciate all the quick answers  

I am dithering whether to go with the Default or Increased Protection options then.

Trying them all out on this website I get the following results:

Default Option                                       Status                Off

Increased Protection Option                 Status                 Not Active  (NS_ERROR_NET_INTERRUPT)

Max Protection Option                          Status                 Active

Off Option                                             Status                 Off

MSE loads okay for the Default/Increased/Off options.

It shows a 'Possible security risk looking up this domain' message with the Max Protection option.

I understand this is normal but not sure how I'd proceed in this instance.

I have the settings as 'Strict', 'private browsing mode' and 'enable HTTPS-Only mode in all windows, if this makes any difference?

Do the above Status results look as they should do?

Thanks

ih8stress

bat999 said:

Hi

I have...

Enable DNS over HTTPS using:
Increased Protection
Choose provider: Cloudflare (Default)

When I use this website test ---> https://dnsleaktest.com/
It shows Cloudflare, London, United Kingdom
Sometimes Cloudflare, Manchester, United Kingdom

And this test ---> https://1.1.1.1/help
It shows Using DNS over HTTPS (DoH) - Yes

I have just tried the 1.1.1 link and it shows

Connected to 1.1.1.1	No
Using DNS over HTTPS (DoH)	No
Using DNS over TLS (DoT)	No
Using DNS over WARP	No

Cloudflare Data Centre              Man

Connectivity to Resolver IP Addresses       YES

Is this correct @bat99

thanks

ih8stress

Been trying to learn more about it and just getting even more confused.

There is so much conflicting advice around that a non-techie like me finds hard to sift through.

Should it be Enabled or Disabled?

It sounds riskier to enable it but what do I know - nada!

Help, please

Riverstone58

From your previous log details this is a secure private DNS provider, Cloudflare.

Although I don't use Firefox I've used Cloudflare for many years, an overview of which is here .... https://www.cloudflare.com/en-gb/learning/dns/what-is-1.1.1.1/

Miser1964

ih8stress said:

Been trying to learn more about it and just getting even more confused.

There is so much conflicting advice around that a non-techie like me finds hard to sift through.

Should it be Enabled or Disabled?

It sounds riskier to enable it but what do I know - nada!

Help, please

I switched to secure DNS a few months back, encrypting traffic to the DNS is akin to using HTTPS for online banking as it stops anyone snooping or intercepting the request and directing the browser to a phishing site instead of your bank etc.

If you enable secure DNS, I suggest not relying on your ISP's default DNS server but set your computer to use the IP address one of the big servers such as Google (8.8.8.8), Cloudflare (1.1.1.1) or Quad 9 (9.9.9.9). The last two will also filter out known malware sites.
 

ih8stress

Thank you for your reply. Keeping things simple so I understand it, from my test of the 1.1.1.1. Link I tried it showed my ISP name and mentioned Cloudflare. Doesn't this mean they do use cloudflare as their dns provider?
Which riverstone58 seems to suggest too?

Getting back to my earlier question -Does anyone know whether I should enable or disable dns?  Which is safest, as either option seems to pose security concerns and is what I am struggling to find out and understand the different pro's and con's of.

Thanks 

ih8stress

Comment Not Found

Sorry, you’ve landed on a page that doesn’t exist.

Hi @Bat999. I briefly saw a reply from you on the 25th March but was unable to check it out or reply at the time and I now get the above message when trying to access it through my notifications - and it is not showing here. Did you edit or delete it for some reason?

I also get the following message when trying to check out the 1.1.1.1.help link that I used previously?

Secure Connection Failed

An error occurred during a connection to one.one.one.one. PR_END_OF_FILE_ERROR

Error code: PR_END_OF_FILE_ERROR

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

    Please contact the web site owners to inform them of this problem.

Thanks. Happy Easter, I do not expect a quick response.

Regards