How to enable DNS over HTTPS in Chrome

7 Likes

Little update via this:

Tentative timeline
We are aiming for an experiment in Chrome 78 (branch cut: Sept 5th; estimated Stable: Oct 22nd) followed by a launch if everything goes well.

Chrome 78 (Branch cut likely will mean a Chrome Canary release) will have a real chrome://flags option for DoH support so you will be able to avoid the command line switch you currently need to do the above.

Once again, see the first link above for the instructions to enable it before v78.

3 Likes

@aminkhoshnood, wouldn't it be easier to switch to Firefox?

Just sayin’ :smile:

1 Like
https://1.1.1.1/help#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJObyIsImlzRG9oIjoiTm8iLCJyZXNvbHZlcklwLTEuMS4xLjEiOiJZZXMiLCJyZXNvbHZlcklwLTEuMC4wLjEiOiJZZXMiLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMTExIjoiTm8iLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMDAxIjoiTm8iLCJkYXRhY2VudGVyTG9jYXRpb24iOiJIS0ciLCJpc3BOYW1lIjoiQ2xvdWRmbGFyZSIsImlzcEFzbiI6IjEzMzM1In0=

I still got No in DoH; using the above Alfred workflow - Chrome v78
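The part after `#` in a https://1.1.1.1/help link is base64-encoded JSON holding the test results, so a shared link can be read without opening it. The decoder below is an added example, not code from any poster in this thread or from Cloudflare; the field names are the ones seen when the links posted here are decoded, the sample values are constructed, and reading `isCf` as "Connected to 1.1.1.1" is an assumption.

```python
import base64
import json
from urllib.parse import urlsplit


def decode_help_link(url):
    """Return the JSON object carried in the #fragment of a help-page link."""
    fragment = urlsplit(url).fragment
    if not fragment:
        raise ValueError("link has no #fragment to decode")
    # Re-add padding that copy/paste or a chat client may have stripped.
    padded = fragment + "=" * (-len(fragment) % 4)
    try:
        result = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError(f"fragment is not base64-encoded JSON: {exc}") from exc
    if not isinstance(result, dict):
        raise ValueError("fragment JSON is not an object")
    return result


def summarize(result):
    """Reduce the decoded object to the answers this thread keeps asking about."""
    prefix = "resolverIp-"
    reachable = sorted(key[len(prefix):] for key, value in result.items()
                       if key.startswith(prefix) and value == "Yes")
    return {
        # Assumption: isCf is the page's "Connected to 1.1.1.1" row.
        "connected_to_1111": result.get("isCf") == "Yes",
        "doh": result.get("isDoh") == "Yes",
        "dot": result.get("isDot") == "Yes",
        "reachable_resolvers": reachable,
        "isp": result.get("ispName"),
    }


# Constructed sample, not one of the links posted in the thread.
SAMPLE = {"isCf": "Yes", "isDot": "No", "isDoh": "No",
          "resolverIp-1.1.1.1": "Yes", "resolverIp-1.0.0.1": "Yes",
          "resolverIp-2606:4700:4700::1111": "No", "ispName": "Example ISP"}
SAMPLE_LINK = "https://1.1.1.1/help#" + base64.b64encode(
    json.dumps(SAMPLE).encode()).decode()

if __name__ == "__main__":
    print(summarize(decode_help_link(SAMPLE_LINK)))
```

A result with `connected_to_1111` true and `doh` false is the case discussed in this thread: the system resolver is Cloudflare, but the browser's lookups are not going over HTTPS.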

Old text of post: I'm not at liberty to go digging through the chromium source to find out why, but it looks like the flags don't work on Canary - currently it only works on stable (v76).

To confirm you launched with the flags, go to chrome://version and make sure “command line” contains the flags (--enable-features=...)


If possible, in Canary, could you take a screenshot of chrome://flags after searching for “DNS”? My chrome doesn’t show anything about “Secure DNS lookups”, yet this post shows it should be available in v78.

see below post

1 Like

In chrome://flags, there’s nothing except this when searching for dns:

Anonymize local IPs exposed by WebRTC.
Conceal local IP addresses with mDNS hostnames. – Mac, Windows, Linux, Chrome OS

#enable-webrtc-hide-local-ips-with-mdns

In chrome://version, the command line already contains enable-features.


1 Like

Looks like they rolled out changes to how DoH is handled in “managed” browsers (when any policy whatsoever is present).

If you see “managed by your organization” in the Kebab menu (triple dot)

That means Chrome, in order to prevent rollout issues breaking DNS filters, won’t show the “Secure DNS lookups” in chrome://flags/#dns-over-https.

I had a bogus policy set up from some stuff I was trying, so it was hidden from me. Removing it shows:


Now, which DNS over HTTPS server it chooses is based on the existing DNS servers your DHCP is sending (or the servers configured in Windows/macOS, not sure).

See this commit:

It uses the DNS set up to choose the DNS server it should upgrade to. If your Router is broadcasting 1^4 IPs as the DNS endpoint to use, Chrome should use 1.1.1.1’s DoH server and https://1.1.1.1/help should show DOH enabled.

1 Like

@tuananh as to your setup, let me know if it’s a managed browser; if it’s not, there might be something else gating the visibility of the feature flag.

1 Like

It’s managed indeed.

Do you know where that setting is? This is just my personal Google Apps where I’m the admin.

1 Like

chrome://policy will show you any policies set up; disabling those might disable the managed state. Otherwise I would guess disabling MDM for your domain would no longer have it show as managed (this might require sign out/in though, unsure): Stop managing mobile devices for your organization - Google Workspace Admin Help

1 Like

My policies look like this:

{
   "chromeMetadata": {
      "OS": "macOS Version 10.14.6 (Build 18G87)",
      "application": "Google Chrome",
      "revision": "40bede06f8a7a191fc28dbebdad52d6917cec4fe-refs/branch-heads/3902@{#8}",
      "version": "78.0.3902.4 (Official Build) dev (64-bit)"
   },
   "chromePolicies": {
      "MaxInvalidationFetchDelay": {
         "level": "mandatory",
         "scope": "user",
         "source": "cloud",
         "value": 10000
      }
   },
   "extensionPolicies": {
      "cjpalhdlnbpafiamejdnhcphjbkeiagm": {

      },
      "ghbmnnjooekpmoecnnnilnnbdlolhkhi": {

      }
   }
}

I disabled MDM but it’s still not available after sign out / in.

1 Like

Ya, you’re going to have to remove that one policy, but I can’t find anything related to removing them on Mac (it’s easy on Windows since it’s all Reg keys). Hope you can figure it out.

2 Likes
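To see which entries in a chrome://policy JSON export are actually set, and where each one came from, the export can be walked as below. This is an added example, not code from the thread or from Chrome; the export is constructed in the shape of the one posted above with placeholder extension IDs, and treating any set policy as enough to hide the flag follows the description given earlier in this thread.

```python
import json
from collections import defaultdict

# Constructed export in the shape of the chrome://policy JSON posted above;
# the extension IDs are placeholders.
SAMPLE_EXPORT = json.loads("""
{
  "chromePolicies": {
    "MaxInvalidationFetchDelay": {
      "level": "mandatory", "scope": "user", "source": "cloud", "value": 10000
    }
  },
  "extensionPolicies": {
    "placeholder-extension-id-1": {},
    "placeholder-extension-id-2": {}
  }
}
""")


def applied_policies(export):
    """List every set policy as (owner, name, level, scope, source)."""
    rows = []
    for name, meta in export.get("chromePolicies", {}).items():
        rows.append(("chrome", name, meta.get("level"),
                     meta.get("scope"), meta.get("source")))
    for ext_id, policies in export.get("extensionPolicies", {}).items():
        for name, meta in policies.items():  # an empty {} sets nothing
            rows.append((ext_id, name, meta.get("level"),
                         meta.get("scope"), meta.get("source")))
    return rows


def by_source(rows):
    """Group policy names by the `source` field, which says who delivered them."""
    grouped = defaultdict(list)
    for owner, name, _level, _scope, source in rows:
        grouped[source or "unknown"].append(f"{owner}:{name}")
    return dict(grouped)


def flag_likely_hidden(export):
    """Assumption from the thread: any policy at all marks the browser as managed."""
    return bool(applied_policies(export))


if __name__ == "__main__":
    rows = applied_policies(SAMPLE_EXPORT)
    print(by_source(rows), flag_likely_hidden(SAMPLE_EXPORT))
```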

Why does my Chrome DoH keep failing, and I need to restart Chrome every once in a while to make DoH work? Does anyone have the same issue? I enabled DNS over HTTPS in chrome://flags/#dns-over-https, and in my network configuration I put 1.1.1.1 and 1.0.0.1 in the DNS option. I check whether my DoH is working by going to this site: https://1.1.1.1/help. Everything is OK, but after 10 to 15 minutes of browsing the DNS fails and reverts back to my ISP DNS, and I need to restart Chrome to make DoH work again.

It’s not working with Chrome OS. It has the “Secure DNS” on the chrome://flags page but despite being enabled (for some time now on my Chromebook) it’s not working. Also using Cloudflare DNS on all my devices. And it’s working fine on Android and Windows 10. So when will Chrome OS catch up?

https://1.1.1.1/help#eyJpc0NmIjoiTm8iLCJpc0RvdCI6Ik5vIiwiaXNEb2giOiJObyIsInJlc29sdmVySXAtMS4xLjEuMSI6IlllcyIsInJlc29sdmVySXAtMS4wLjAuMSI6IlllcyIsInJlc29sdmVySXAtMjYwNjo0NzAwOjQ3MDA6OjExMTEiOiJZZXMiLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMDAxIjoiWWVzIiwiZGF0YWNlbnRlckxvY2F0aW9uIjoiS1VMIiwiaXNXYXJwIjoiTm8iLCJpc3BOYW1lIjoiQ2xvdWRmbGFyZSIsImlzcEFzbiI6IjEzMzM1In0=

I enabled secure DNS in chrome://flags.

My DNS servers for the computer are 1.1.1.1 and 1.0.0.1.

But I’m still not able to use DoH.

Incidentally, the Cloudflare app on my iOS device perpetually shows “Connecting”.

Could my ISP be blocking DoH?

Thanks

Chrome will only enable the DoH if you configure 1.1.1.1 as a system resolver in the network settings (you’d see “Connected to 1.1.1.1 Yes” as well).

3 Likes

Cloudflare is set as the system’s DNS server and yet I am still not connected to 1.1.1.1. Same issue with all my other computers at home and at work.

It seems like there was a problem with the test page: it reported DoH as not enabled in some cases when it was enabled. Any chance you could try again?

Tried it just now, works now with the same config. Thanks!
