Mozilla Firefox is set to test its DNS over HTTPS feature on its beta channel.
In an effort to safeguard user security, browser maker Mozilla began experimenting with DNS (Domain Name System) in early June 2018. The experiment revolved around the DNS over HTTPS (HyperText Transfer Protocol Secure) protocol, which uses encryption to secure DNS requests and responses. In August, the company carried out several tests in the Nightly channel to see whether the new protocol had any impact on browser speed and performance. After a successful test, the company is now planning to test the technique on its beta channel.
DNS over HTTPS aims to address the data leak vulnerabilities that exist when data is exposed in DNS traffic and to the recursive resolver as it looks up an IP address or domain. Mozilla therefore launched two new features, Trusted Recursive Resolver (TRR) and DNS over HTTPS (DoH), to fix these vulnerabilities.
Data can be at risk if the operating system uses an untrustworthy resolver that can tamper with responses or track user requests, as on-path routers can. DoH will protect user data against on-path tampering and eavesdropping. Mozilla also said that it has been working with Cloudflare, which is providing a recursive resolution service with a pro-user privacy policy. Cloudflare’s service removes all personally identifiable data every 24 hours, to ensure that no data is passed along to any third party.
Mozilla added DoH support to Firefox 62, but not as a default setting. Users need to enable it in their browser settings.
The August results revealed a minor performance impact on non-cached DNS queries when using HTTPS with a cloud service provider. The queries were slower by six milliseconds, which the testing team considered an acceptable cost for the benefits in securing user data. The results also found that the slowest DNS transactions could perform better with DoH than with traditional DNS.
“We hypothesize the improvements at the tail of the distribution are derived from 2 advantages DoH has compared to traditional DNS. First, is the consistency of the service operation – when dealing with thousands of different operating system defined resolvers there are surely some that are overloaded, unmaintained, or forwarded to strange locations. Second, HTTP’s use of modern loss recovery and congestion control allow it to better operate on very busy or low-quality networks.” – per the company blog.
The beta channel experiment will also use Cloudflare’s DoH service. The company will begin an initial rollout to selected beta users in the United States after September 10.