Security Experts:

DNS-over-HTTPS Coming to Chrome 78

In an attempt to improve the privacy and security of its users, Google is getting ready to bring DNS-over-HTTPS (DoH) to the Chrome browser.

Just days after Mozilla said it was getting ready to roll out DoH in Firefox this month, Google revealed plans to run an experiment to validate its implementation of DoH in Chrome, and that this would happen in the next browser release, namely Chrome 78.

The experiment, the search giant explains, will be done in collaboration with DNS providers that already support DoH. The goal is to provide users with improved security and privacy “by upgrading them to the DoH version of their current DNS service.”

Thus, the already in use DNS service will not change, only the protocol will. This also means that the existing content controls of the DNS provider, including any existing protections for children, will remain active.

The experiment in Chrome 78, Google explains, will check if the user’s DNS provider is on a list of DoH-compatible providers, and will upgrade to the equivalent DoH service from that provider. Otherwise, Chrome will continue to operate as it does now.

“The providers included in the list were selected for their strong stance on privacy and security, as well as the readiness of their DoH services, and also agreed to participate in the experiment. The goals of this experiment are to validate our implementation and to evaluate the performance impact,” the Internet search company says.

Google will roll out the experiment for a fraction of users, on all supported platforms, with the exception of Linux and iOS.

“On Android 9 and above, if the user has specified a DNS-over-TLS provider in the private DNS settings, Chrome may use the associated DoH provider, and will fallback to the system private DNS upon error,” Google explains.

By keeping the current DNS provider, the user experience should not be impacted. Malware protection or parental control features offered by the provider will continue to work, as the only change will be an upgrade to the provider’s equivalent DoH service.

Should DoH fail, Chrome will revert to the provider’s regular DNS service. Users looking to opt out of the experiment will be able to do so by disabling the flag at chrome://flags/#dns-over-https.

Most managed Chrome deployments are excluded from the experiment, but Google invites enterprise and education customers to read the upcoming release notes for details about DoH policies, when they will be published on the Chrome Enterprise blog.

Related: Google Makes DNS Over HTTPS Generally Available

Related: DNS-over-HTTPS Coming to Firefox

view counter