Prompted by Firefox, I'm now using encrypted DNS (DoH) everywhere

I wanted to pick people’s brains on:

I’m on Firefox everywhere because I have to use a PC at work, and well, even though it has problems I like how I can customize it. Reading a blog post about their Enable DNS over HTTPS feature, I explored NextDNS.

I’ve now installed it on all my devices and at the network level. All my DNS traffic is going through them and it’s fascinating.

The web is faster (due to all the blocked trackers and ads), and I can see what is trying to load where. I’ve used the whitelist to make things work that get broken. If you know of Pi-hole - it’s like that but running at the router level.

Have I made a massive mistake?

Why would you believe it might be a massive mistake? I think that DoH is a great idea. But regardless, if you have a problem you can just back it out. Seems like a worthwhile experiment, at worst.

Well, you need to trust the company behind NextDNS more than your ISP (or any other DNS service you were using).

So far I do.

Note that they also have a macOS App and a CLI that runs on macOS, so you can use it for all communication; not just within Firefox.

In fact, that CLI also runs on several routers, so even IoT devices will use it.

Note that there are other ways to block trackers and ads (such as web browser preferences, extensions, and/or a host-based application firewall such as Little Snitch), so if you were to use a service like this only to block trackers and ads (which seems not to be @philstollery’s only intention) then you might have made a mistake if other options were better suited to your requirements.

Yep, installed on my Mac mini and laptop.

I am applying a DoH using Cloudflare DNS for my entire network using this setting on a Synology router.