Cloudflare’s 1.1.1.1 DNS service and Google’s Public DNS are marketed as a way to speed up and secure internet usage. If a user changes their DNS servers to Cloudflare’s 1.1.1.1 DNS servers or Google’s 8.8.8.8 DNS servers, it’s supposed to make their internet faster and safer.
The safer part is due in part to their use of DNS-over-HTTPS (DoH). Cloudflare describes DoH as:
“If you are visiting a site using HTTPS, your DNS query is sent over an unencrypted connection. That means that even if you are browsing https://cloudflare.com, anyone listening to packets on the network knows you are attempting to visit cloudflare.com.”
DoH encrypts the connection, which keeps DNS queries private and secure. It’s something that everyone should consider using, but most people aren’t aware that they need it, and they don’t possess the skills to change their DNS servers.
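An added example, not from the original article or from Cloudflare: the same DNS question as it appears in a plaintext port-53 payload and as an RFC 8484 DoH GET request. The resolver host `doh.example` is a placeholder, and the base64url step is only framing; the privacy comes from the TLS connection that carries the request.

```python
import base64
import struct

def build_query(hostname: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Encode a DNS query in RFC 1035 wire format (qtype 1 = A record)."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in hostname.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN

def observed_name(payload: bytes) -> str:
    """What a passive listener recovers from a plaintext port-53 payload."""
    labels, pos = [], 12  # question section starts after the 12-byte header
    while payload[pos] != 0:
        length = payload[pos]
        labels.append(payload[pos + 1 : pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def doh_get_request(payload: bytes, host: str, path: str = "/dns-query") -> str:
    """Wrap the same message as an RFC 8484 GET request (sent inside TLS)."""
    # base64url without padding, as RFC 8484 requires; this is not encryption.
    dns_param = base64.urlsafe_b64encode(payload).rstrip(b"=").decode("ascii")
    return (
        f"GET {path}?dns={dns_param} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Accept: application/dns-message\r\n\r\n"
    )

if __name__ == "__main__":
    query = build_query("cloudflare.com")  # constructed sample query
    print("plaintext UDP payload:", query.hex())
    print("listener sees        :", observed_name(query))
    # Placeholder resolver hostname. With DoH this whole request is TLS
    # application data, so an on-path listener sees a connection to the
    # resolver on port 443, not the name being looked up.
    print(doh_get_request(query, "doh.example"))
```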
Lack of interest in, and knowledge of, the 1.1.1.1 DNS service is what prompted Cloudflare to change its approach. Instead of trying to get people to change their DNS servers, it decided to encourage people to install its 1.1.1.1 app. Its selling point has been that the app will make their internet faster, and there’s never a mention of DoH. It has been a clever campaign, but it still requires educating the market in order to get a significant adoption rate.
Making everyone use DoH by default
The only way to get mass adoption of DoH is to bake it into web browsers, and that’s what Mozilla Firefox and Google Chrome have decided to do.
Mozilla has partnered with Cloudflare to use their 1.1.1.1 DNS service with Firefox. Mozilla plans to gradually roll out DoH in the USA starting in late September. Then they will start slowly enabling DoH for a small percentage of users while monitoring for any issues before enabling for a larger audience.
Google has added DoH to Chrome, but it’s not on by default yet. The only way to use DoH in Chrome is to turn it on by using a command line flag. Catalin Cimpanu, a security reporter for ZDNet, has posted instructions on how to activate DoH in Chrome. However, Google has stated that they plan to turn DoH on for all users in the future.
The switch to DoH in browsers isn’t expected to be an easy one. There are concerns about conflicts with parental controls, enterprise configurations, and general DNS lookup failures. The rollout of DoH is expected to be slow, but eventual, for both Firefox and Chrome.