This feature requires:
Firewalla Box version 1.966 (Beta) + iOS App version 1.36
To join Beta: settings->advanced->beta program and turn beta 'on'
Learn more on Firewalla Beta Program
What is DoH?
DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. One goal of the protocol is to increase user privacy and security: HTTPS encrypts the data between the DoH client and the DoH-based DNS resolver, which prevents eavesdropping on and manipulation of DNS data by man-in-the-middle attacks.
When you type a web address or domain name into your address bar, your browser sends a request over the Internet to look up the IP address for that website. Traditionally, this request is sent to servers over a plain text connection. This connection is not encrypted, making it easy for third parties to see what website you're about to access.
DNS-over-HTTPS (DoH) works differently. It sends the domain name you typed to a DoH-compatible DNS server using an encrypted HTTPS connection instead of a plain text one. This prevents third parties from seeing what websites you are trying to access.
Firewalla's implementation enables devices under Firewalla monitoring (or connected to the overlay network) to use DoH, even if the client uses a different DNS server.
A few important things to know:
- DoH could be slower than traditional DNS queries.
- It directs DoH queries to DNS servers that are operated by Cloudflare/Google, meaning that Cloudflare/Google has the ability to see users' queries.
How to enable DoH?
Tap the "More" button on the main page of Firewalla Box, or go to "Settings" -> "Features"; you'll find the "DNS over HTTPS" feature listed under the "Disabled" section. This feature is disabled by default.
To enable "DNS over HTTPS", tap the feature and switch on the feature button. You'll have to select which devices to apply it to, and which server (Cloudflare, Google, Quad9) will handle the DoH queries.
Once the feature is enabled, Firewalla directs DoH queries from the applied devices to DNS servers that are operated by Cloudflare, Google or Quad9.
How to check DoH?
To test DNS over HTTPS, set the DNS over HTTPS "settings" to Cloudflare (others off), then visit https://188.8.131.52/help
- The family mode may not work if DoH is on.