Here’s a blog post I wrote about a week ago. Chrome currently supports a command line flag for enabling DNS over HTTPS functionality.
The only warning is that Chrome may change/modify the command line argument needed in the future, so check 220.127.116.11/help periodically to make sure DoH is still working.
You may notice this really only focuses on Windows. Currently, I am not aware of a way to persist this command line argument on macOS since the official guide only mentions opening a terminal, which means you can’t have DoH by just clicking Chrome from the dock.
We are aiming for an experiment in Chrome 78 (branch cut: Sept 5th; estimated Stable: Oct 22nd) followed by a launch if everything goes well.
Chrome 78 (Branch cut likely will mean a Chrome Canary release) will have a real chrome://flags option for DoH support so you will be able to avoid the command line switch you currently need to do the above.
Once again, see the first link above for the instructions to enable it before v78.
Absolutely, for daily usage I prefer Firefox (+ cloudflared on macOS); I just saw there is not enough documentation regarding this topic.
I will do anything to see DoH and ESNI activated on all platforms and browsers; it will help people with “censorship regimes” a lot.
Old text of post
I'm not at liberty to go digging through the chromium source to find out why, but it looks like the flags don't work on Canary - currently it only works on stable (v76).
To confirm you launched with the flags, go to chrome://version and make sure “command line” contains the flags (--enable-features=...).
If possible, in Canary, could you take a screenshot of chrome://flags after searching for “DNS”? My Chrome doesn’t show anything about “Secure DNS lookups”, yet this post shows it should be available in v78.
Now, which DNS over HTTPS server it chooses is based on the existing DNS servers your DHCP is sending (or the servers configured in Windows/macOS, not sure).
See this commit:
It uses the DNS set up to choose the DNS server it should upgrade to. If your router is broadcasting 1^4 IPs as the DNS endpoint to use, Chrome should use 18.104.22.168’s DoH server and https://22.214.171.124/help should show DoH enabled.
chrome://policy will show you any policies set up; disabling those might disable the managed state. Otherwise I would guess disabling MDM for your domain would no longer have it show as managed (this might require sign out/in though, unsure). https://support.google.com/a/answer/7581380?hl=en