
DNS-over-https; activation through autoconfig.js

Posted: 2019-09-23, 14:42
by Peregrine
I'm not sure whether Pale Moon supports DNS over https (DoH), and not sure whether it's possible to set it through an autoconfig.js file.
See https://support.mozilla.org/en-US/kb/fi ... over-https

This is my current autoconfig.js setup, not sure what line to add for activating DoH:
https://github.com/Sharrisii/TAZ_option ... oconfig.js

I'm also thinking of using Simple DNSCrypt as an alternative (see https://wiki.installgentoo.com/wiki/DNSCrypt ), or simply not implement the whole thing at all (I don't really need to add it, but it could possibly be an extra asset).

Does anyone know the exact line to add to the autoconfig.js?

Re: DNS-over-https; activation through autoconfig.js

Posted: 2019-09-23, 14:50
by Lootyhoof
Pale Moon isn't Firefox, the documentation isn't relevant. ;)

See here for more information on this subject: viewtopic.php?f=62&t=18678

tl;dr: Not happening.

Re: DNS-over-https; activation through autoconfig.js

Posted: 2019-09-24, 14:04
by Peregrine
Thanks for the link, Lootyhoof. I did search the Pale Moon forum before posting this but overlooked that post.
The reasoning behind not supporting DoH sounds logical, and I actually wasn't quite sure of the benefit right from the start.
My main concern with it was (and still is) that CloudFlare seems to be the only server that supports it, effectively tying you to that particular server.
The thought of using a VPN is probably not feasible for most, however, as that's generally a paying service. Also, I assume that even this slows down the connection (depending on the location of the VPN vs your location) and can be considered inefficient too.
The alternative to DoH, called DoT (dns-over-tls) isn't mentioned there either, but I assume the same issues are present with this too (inefficient, and probably slows down machine and connection quite a bit).

Does Simple DNSCrypt (or dnscrypt-proxy) also have these issues (it will probably slow down the machine a bit, but does it slow down the connection (I expect not, since encryption happens locally))? By issues, I mainly mean locking you to a particular server.
If so, it's an option, since it isn't browser-dependent.
URL for dnscrypt: https://packages.gentoo.org/packages/net-dns/dnscrypt-proxy

Re: DNS-over-https; activation through autoconfig.js

Posted: 2019-09-25, 13:31
by Peregrine
Read some more on dns-over-tls; seems that this is a lot more efficient than dns-over-https.
It does not have an extra http layer sandwiched in the encryption process (unlike dns-over-https).
Dns-over-tls is more insecure (the port it runs at can be easily blocked and if not using a strict profile, it may fall back to an insecure connection), but I don't think that's a huge problem and still find it better than dns-over-https.

The big problem however is that dnscrypt-proxy seems to simply be a dns-resolver and you still need to connect to a server supporting either dns-over-https or dns-over-tls (cloudflare, google, quad9).

So, I'm dropping the whole thing.

Re: DNS-over-https; activation through autoconfig.js

Posted: 2019-09-25, 13:44
by moonbat
Peregrine wrote:
2019-09-25, 13:31

The big problem however is that dnscrypt-proxy seems to simply be a dns-resolver and you still need to connect to a server supporting either dns-over-https or dns-over-tls (cloudflare, google, quad9).

The 'proxy' in the name should've given it away ;)

Re: DNS-over-https; activation through autoconfig.js

Posted: 2019-09-25, 15:50
by vannilla
Pretty sure you can deploy DNSCrypt on your own, but then you'd have to have a personal server acting as a DNS resolver.