DNS-over-https; activation through autoconfig.js

Support and discussions for the x86/x64 Linux version of Pale Moon.

Moderators: trava90, satrow

Peregrine
Apollo supporter
Apollo supporter
Posts: 45
Joined: 2015-10-26, 08:39
Location: planet earth, orion arm, milky way, the universe

DNS-over-https; activation through autoconfig.js

Unread post by Peregrine » 2019-09-23, 14:42

I'm not sure whether pale moon supports DNS over https (DoH), and not sure whether it's possible to set it trough an autoconfig.js file.
See https://support.mozilla.org/en-US/kb/fi ... over-https

This is my current autoconfig.js setup, not sure what line to add for activating DoH:
https://github.com/Sharrisii/TAZ_option ... oconfig.js

I'm also thinking of using Simple DNSCrypt as an alternative (see https://wiki.installgentoo.com/wiki/DNSCrypt ), or simply not implement the whole thing at all (I don't really need to add it, but it could possibly be an extra asset).

Does anyone know the exact line to add to the autoconfig.js ?

User avatar
Lootyhoof
Themeist
Themeist
Posts: 1292
Joined: 2012-02-09, 23:35
Location: United Kingdom

Re: DNS-over-https; activation through autoconfig.js

Unread post by Lootyhoof » 2019-09-23, 14:50

Pale Moon isn't Firefox, the documentation isn't relevant. ;)

See here for more information on this subject: viewtopic.php?f=62&t=18678

tl;dr: Not happening.

Peregrine
Apollo supporter
Apollo supporter
Posts: 45
Joined: 2015-10-26, 08:39
Location: planet earth, orion arm, milky way, the universe

Re: DNS-over-https; activation through autoconfig.js

Unread post by Peregrine » 2019-09-24, 14:04

Thanks for the link Lootyhoof, I did search palemoon forum before posting this but overlooked that post.
The reasoning behind not supporting DoH sounds logical, and I actually wasn't quite sure of the benefit right from the start.
My main concern with it was (and still is) that CloudFlare seems to be the only server that supports it, effectively tying you to that particular server.
The thought of using VPN is probably not feasible for most however as that's generally a paying service, also I assume that even this slows down the connection (depending on location of VPN vs your location) and can be considered inefficient too.
The alternative to DoH, called DoT (dns-over-tls) isn't mentioned there either, but I assume the same issues are present with this too (inefficient, and probably slows down machine and connection quite a bit).

Does Simple DNSCrypt (or dnscrypt-proxy) also have these issues (will probably slow down machine a bit, but does it slow down connection (I expect not since encryption happens locally) ? By issues, I mainly mean locking you to a particular server.
If so, it's an option, since it isn't browser-dependent.
URL for dnscrypt: https://packages.gentoo.org/packages/net-dns/dnscrypt-proxy

Peregrine
Apollo supporter
Apollo supporter
Posts: 45
Joined: 2015-10-26, 08:39
Location: planet earth, orion arm, milky way, the universe

Re: DNS-over-https; activation through autoconfig.js

Unread post by Peregrine » 2019-09-25, 13:31

Read some more on dns-over tls; seems that this is a lot more efficient then dns-over-https.
It does not have have an extra http layer sandwiched in the encryption process (unlike dns-over-https).
Dns-over-tls is more insecure (the port it runs at can be easily blocked and if not using a strict profile, it may fall back to an insecure connection), but I don't think that's a huge problem and still find it better then dns-over-https

The big problem however is that dnscrypt-proxy seems to simply be a dns-resolver and you still need to connect to a server supporting either dns-over-https or dns-over-tls (cloudflare, google, quad9).

So, I'm dropping the whole thing.

User avatar
moonbat
Astronaut
Astronaut
Posts: 730
Joined: 2015-12-09, 15:45
Location: Australia

Re: DNS-over-https; activation through autoconfig.js

Unread post by moonbat » 2019-09-25, 13:44

Peregrine wrote:
2019-09-25, 13:31

The big problem however is that dnscrypt-proxy seems to simply be a dns-resolver and you still need to connect to a server supporting either dns-over-https or dns-over-tls (cloudflare, google, quad9).
The 'proxy' in the name should've given it away ;)
"One hosts to look them up, one DNS to find them and in the darkness BIND them."

Linux Mint 19.2 Xfce x64 on HP i5 laptop with 4 GB RAM, always latest versions of PM & Basilisk unless specified.

vannilla
Astronaut
Astronaut
Posts: 686
Joined: 2018-05-05, 13:29

Re: DNS-over-https; activation through autoconfig.js

Unread post by vannilla » 2019-09-25, 15:50

Pretty sure you can deploy DNSCrypt on your own, but then you'd have to have a personal server acting as a DNS resolver.

Post Reply