DNS-over-HTTPS Coming to Chrome 78


In an attempt to improve the privacy and security of its users, Google is getting ready to bring DNS-over-HTTPS (DoH) to the Chrome browser.

Just a few days after Mozilla said it was preparing to deploy DoH in Firefox this month, Google disclosed plans to run an experiment to validate its Chrome DoH implementation. The experiment will take place in the next browser release, Chrome 78.

The experiment, the search giant explains, is conducted in cooperation with DNS providers that already support DoH. The objective is to give users better security and privacy “by upgrading them to their existing DNS service’s DoH variant.”

Thus, the DNS service already in use will not change; only the protocol will. This also means that the DNS provider’s existing content controls, including any child protections, will stay active.

The Chrome 78 experiment, Google explains, will check whether the user’s DNS provider is on the list of DoH-compatible providers and, if so, upgrade the user to that provider’s corresponding DoH service. Otherwise, Chrome will continue to work as it does now.

“The providers included in the list were selected for their strong stance on privacy and security, as well as the readiness of their DoH services, and also agreed to participate in the experiment. The goals of this experiment are to validate our implementation and to evaluate the performance impact,” the Internet search company says.

Google will run the experiment on all supported platforms, with the exception of Linux and iOS, for a fraction of users.

“On Android 9 and above, if the user has specified a DNS-over-TLS provider in the private DNS settings, Chrome may use the associated DoH provider, and will fallback to the system private DNS upon error,” Google explains.

Because the current DNS provider is kept, the user experience should not be affected. Malware protection or parental control features offered by the provider will continue to work, since the only change is an upgrade to the provider’s equivalent DoH service.

If DoH fails, Chrome will revert to the provider’s regular DNS service. Users who wish to can disable the flag at chrome://flags/#dns-over-https.
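The same-provider upgrade and fallback described above can be modelled in a few lines. This is an added example, not Chrome's code: the provider map, addresses, hostnames and function names are constructed assumptions, and the query is encoded in the GET form defined by RFC 8484, which is one of the request forms DoH allows.

```python
import base64
import struct

# Constructed provider list (assumption): resolver IP -> the same provider's
# DoH endpoint. Addresses are documentation ranges, hostnames are placeholders.
DOH_UPGRADE_MAP = {
    "192.0.2.53": "https://doh.provider-a.example/dns-query",
    "198.51.100.53": "https://doh.provider-b.example/dns-query",
}

def pick_doh_endpoint(system_resolvers):
    """Return the DoH endpoint of the first listed resolver, else None."""
    for ip in system_resolvers:
        if ip in DOH_UPGRADE_MAP:
            return DOH_UPGRADE_MAP[ip]
    return None  # provider not on the list: nothing is upgraded

def build_query(qname, qtype=1):
    """Encode a DNS query in wire format: ID 0, RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii")
        for part in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def doh_get_url(endpoint, qname):
    """RFC 8484 GET form: base64url-encoded query with padding stripped."""
    b64 = base64.urlsafe_b64encode(build_query(qname)).rstrip(b"=").decode()
    return f"{endpoint}?dns={b64}"

def resolve(qname, system_resolvers, doh_send, classic_send):
    """Try the same provider's DoH service; on error use its regular DNS.

    doh_send(url) and classic_send(resolver_ip, wire_query) are injected
    transports (hypothetical), so the selection logic can be tested offline.
    """
    endpoint = pick_doh_endpoint(system_resolvers)
    if endpoint is not None:
        try:
            return "doh", doh_send(doh_get_url(endpoint, qname))
        except OSError:
            pass  # DoH failed: fall through to regular DNS
    return "classic", classic_send(system_resolvers[0], build_query(qname))
```

For monitoring, the practical consequence is that an upgraded client's lookups move from port 53 to HTTPS requests against the provider's DoH endpoint, while a client whose resolver is not listed keeps sending regular DNS.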

Most Chrome deployments are not included, but Google invites business and education customers to read the upcoming release notes for DoH strategies once they are posted on the Chrome Enterprise blog.


Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.