Mozilla Foundation engineers announced plans over the weekend to test the fledgling “DNS over HTTPS” (DoH) security standard in Firefox Nightly distributions.
The feature will be tested as a Firefox shield study, a browser mechanism that allows engineers to roll out and roll back experimental features at a moment’s notice.
High hopes for DoH protocol
DNS over HTTPS is a web protocol that sends DNS requests and receives DNS responses via HTTPS connections, hence providing query confidentiality.
The standard is still under discussion at the Internet Engineering Task Force (IETF), and should not be confused with DNSSEC, a standard that uses encryption not for “confidentiality” but for “origin authentication” between DNS client and server.
DNSSEC was developed to combat DNS-based DDoS attacks and origin IP spoofing, while DoH was created to provide query confidentiality against third-party observers, such as ISPs.
Despite DoH being less than a year old, many view it as the encrypted version of the DNS standard, much as HTTPS is to HTTP.
Mozilla tests DoH even before protocol’s approval
But even though Mozilla engineers don’t have a final version of the DoH standard, they have decided to test-run the protocol and see how it would fare in the real world.
“Soon we’ll be launching a Nightly-based pref-flip shield study to confirm the feasibility of doing DNS over HTTPS (DoH),” said Patrick McManus, a Mozilla engineer.
“If all goes well the study will launch Monday (and if not, probably the following Monday),” he added. “It will run <= 1 week. If you’re running Nightly and you want to see if you’re in the study check about:studies.”
If a user has been selected to participate in the Firefox shield study, a new entry will appear in the about:studies page and new preferences will show up in the about:config section.
Unfortunately, Bleeping Computer was not selected for the DoH shield study, but you can check out a list of all the new DoH-related preferences on GitHub or in this Ghacks article.
To keep track of how the experiment goes, you can bookmark this Google Groups discussion and this Mozilla bug tracker entry.
To read the original article:
https://www.bleepingcomputer.com/news/software/mozilla-is-testing-dns-over-https-support-in-firefox/