Articles in this section

See more

Using DNS over HTTPS (DoH) with Umbrella

Avatar
Phil Dignard
  • Updated
Follow

Protect your DNS traffic with DoH

Keep your DNS queries private by using DNS over HTTPS (DoH) in supporting web browsers. Your browser's DNS traffic becomes encrypted to remain private and unmodified by network operators and snoops. Umbrella now has the following DoH endpoint available:

Hostname Description

doh.umbrella.com

A DoH frontend to our standard production DNS service as provided on 208.67.222.222 and 208.67.220.220

Steps for using DoH with Umbrella will depend on your browser and operating system.

Mozilla Firefox

Details and instructions are available from Mozilla. Firefox can be configured to use Umbrella as a custom DNS over HTTPS provider. Go to Options > General > Network Settings and select Enable DNS over HTTPS. Under Use Provider, choose Custom and enter one of the following URLs:

Standard DNS:

https://doh.umbrella.com/dns-query

Preferences.png

Choose OK and your queries will be encrypted!

Google Chrome

Details and instructions on configuration are available from the Chromium Blog. Chrome will automatically enable the use of DoH if the necessary flag is enabled and it sees Umbrella anycast IP addresses used by the operating system for DNS.

Configure your OS to use the following IP addresses as DNS servers:

Service IPv4 Addresses IPv6 Addresses

Umbrella DNS

208.67.222.222
208.67.220.220

2620:119:35::35
2620:119:53::53

In Chrome's address bar, enter chrome://flags/#dns-over-https and set Secure DNS Lookups to Enabled.

DoH_Chrome_Enable.png

Relaunch your browser, and your DNS queries will be encrypted!

Note that Chrome looks for the Umbrella IP addresses specifically. This means if you're configured to use to IP address of a local DNS server or forwarder, Chrome will not upgrade to using DoH, even if that server forwards to Umbrella.

If your computer is considered managed by Chrome, which is likely if your computer is provided to you by your work or school, it will not auto-upgrade to using DoH.

Instead of auto-upgrading based on IP, advanced users can configure Chrome to use specific HTTPS endpoints directly by launching Chrome from a shortcut or a command line with the following parameters:

Umbrella DNS:

--enable-features="DnsOverHttps<DoHTrial" --force-fieldtrials="DoHTrial/Group1" --force-fieldtrial-params="DoHTrial.Group1:Fallback/true/Templates/https%3A%2F%2Fdoh.umbrella.com%2Fdns-query"

 

Related articles

Comments

0 comments

Article is closed for comments.