DNS over HTTPS

If your internet connection is regularly bad, especially these days when the coronavirus quarantine has us all working from home, here is something to try. This works for Chrome, but it might work for other browsers as well.

Many times your internet service provider, perhaps in order to lower traffic at peak hours, will selectively try to block some of the user traffic on its network. I have Comcast, and yesterday there was allegedly an “outage” in my area. However, my ISP was not blocking other traffic: my VPN was working normally. The only difference was that the VPN does not need DNS. Also remember that Comcast has a home security business, which relies on IP traffic flowing normally.

So Comcast was not blocking browser traffic, which would perhaps be a big configuration change on their side; they just blocked the name service (DNS, the domain name service), which translates website names (e.g. www.microsoft.com) to IP (Internet Protocol) addresses such as 104.215.148.63, which is what the browser actually uses to transmit information across the web.

This had the immediate effect that our browsers were not able to get IP addresses for website URLs, although all the traffic in and out of your home was unaffected. So what we need is a way to bypass Comcast’s DNS service, and here is how I did it.

The first step is to tell our browsers to use a new DNS service (Google, Cloudflare, etc.). The second step is to encrypt that connection using DNS-over-HTTPS.

On Windows 10, go to Control Panel/Network and Internet/Network Connections, right-click on your Wi-Fi (or active Ethernet) internet connection and select “Properties”, as shown in the picture below.

Then search for “Internet Protocol Version 4 (TCP/IPv4)” and click “Properties”.

There you will add Google’s DNS servers as the default for your connection. Add 8.8.8.8 and 8.8.4.4 to the DNS server list, as shown in the picture below, and hit OK. Other possible alternatives are OpenDNS (208.67.222.222 and 208.67.220.220) and Cloudflare (1.1.1.1 and 1.0.0.1). Others can be seen in this list: TechRadar.

To encrypt this connection, in Chrome, type “chrome://flags/#dns-over-https” in the address bar. Then make sure that the option “Support for HTTPSSVC records in DNS” is enabled, as in the figure below.

Happy quarantine browsing!