I believe I’ve set up as much as I can to use Cloudflare and DoH on my Win 7 PC and Android phone.
I primarily use Firefox, latest 64 bit version. I’ve changed trr.mode to 2, I’ve put 188.8.131.52 into bootstrapaddress and the uri already pointed to Cloudflare. So for Firefox I believe I’m now using 184.108.40.206 for DNS, and mode 2 means DoH, correct? It appears all is working okay, even speedtest (see my other thread).
I’ve changed my ipv4 and ipv6 DNS Network Adapter settings to Cloudflare (Win 7 64 bit). IE 11 also seems to run okay, including speedtest today, but interestingly the top of the Cloudflare website doesn’t show; don’t worry about this.
I have the 220.127.116.11 App active on my Android phone.
- I still have to occasionally use IE11. How do I force IE11 to use DoH?
- How do I set up DoH on my Android phone?
- How do I force any internet requests from non-browser app’s on my PC to use (Cloudflare) DoH?
I’ve tried looking this up on the WWW. I have medium level expertise.
IE11 does not support DoH, you’d have to use something like https://developers.cloudflare.com/18.104.22.168/dns-over-https/Cloudflared-proxy/
Before Android 9 you’d need to install https://play.google.com/store/apps/details?id=com.Cloudflare.onedotonedotonedotone. Since Android 9 I believe it is supported out of the box, you’d just need to configure the URL somewhere in the network settings. A search engine is your friend here
Same as with IE11.
Just FYI regarding Firefox, that you don’t need to go to about:config to enable DoH. It’s actually a checkbox in the UI, on the same screen where you set up proxies (on Linux it’s on the bottom of the Preferences screen, as “Network Settings”:
Is there also a UI for the bootstrapaddress?
Also… my network settings don’t have the “Proxy DNS when using SOCKS v5” ticked; what advantage does that give? See attached:
Don’t know about bootstrapaddress. I did not set or know about it, and https://www.cloudflare.com/ssl/encrypted-sni/ didn’t complain, I’m fully green there.
As for Proxy DNS when using SOCKS - To my understanding it means that instead of resolving the hostnames locally, then asking the SOCKS server to connect to the resulting IP and original port you wanted to connect - you just give the proxy those details, and ask them to do it. From privacy POV - I don’t know if DoH complements this feature or not - i.e. will it open an HTTPS connection of SOCKS and use DNS there, or not. So, if you trust Cloudflare with your privacy anyway, then I think it makes sense to NOT check this checkbox, because that way your SOCKS only knows which IP you wanted to connect, and not what site behind it (in case there’s more than one site behind it, e.g. it is a site that shares a CDN), and especially if that site uses ESNI (see my first link in this message).
Thanks for that.
I’ve looked into everything and I think I’ve got every damn thing ON now. If anyone disagrees please let me know, but please look at my Firefox result below before comment.
@publicarray recently summarised the different values at How to know if 22.214.171.124 is working?
If you choose mode 2 you dont necessarily have to do set it manually but can do so also via the UI, as 2 is the default. 3 and 4 are a safer bet but require the manual adjustment you already performed.
ESNI is a completely different story and can be currently only configured manually IIRC.
The question was mostly related to IE, right?
My Firefox was set to mode 0 when I checked it. I’m not using Nightly or a tester for Firefox.
I didn’t know that mode 3 or 4 were safer; I’ll try and read up on those when I have time. However, given my Cloudflare results what increased benefit would I get?
I agree about ESNI.
Yes, my original question was about IE and Android. I understand and accept that I cannot secure IE as much as I can Firefox.
On the Android front, Nokia (I have Nokia 5) have said that v9 will be out approximately Feb 2019.
All good stuff from you all, thanks.
You can, you just need additional software.
Nokia 5 update: March 2019 security patch is now available mentions Q1, so could be March or maybe later
This topic was automatically closed after 30 days. New replies are no longer allowed.