Enable This Setting on EVERY Web Browser

He's so powerful. He can slide buttons with his fingers no mouse required.

A few comments:
1. DNS lookups should preferably be done by the network stack in the operating system, not by the application, such as a browser. It might cause that different applications on your computer to connect to different IPs for the same site due to different IPs being returned by the DNS used by the browser and the DNS used by the OS.
2. So your ISP can't just look at your secure DNS requests to see what sites you're connecting to, but instead, Cloudflare gets to see all DNS your requests, so who to trust?
3. Some companies/organizations etc, use special domains and/or names for internal resources that are not resolvable by an external DNS provider like Cloudflare, so you might no be able to access them.
Cloudflare's main business is hosting sites and data for other companies, accessible with high performance and protection from DDoS attacks globally. Using dynamic DNS resolvers that map a name to different IP addresses based on network and system load, your location, location of data needed to serve your request, and so on, is an important part of that service.
Might they have additional motives to see as many DNS requests as possible? Let's say Bank A is a Cloudflare customer, would they be willing to pay for data on DNS requests for Bank B from a certain region for example? Of course, they would!
I'm not saying that Cloudflare does it today, but we all know that there is immense value in data regarding customer behavior.

who else misses the poll feature lol, I remember all his videos had a stupid poll at the beginning...

Thank you for splitting the spands of the video up to different chapters, this makes it allot easier.

been using private dns a year already, so far so good it also improves my connection

Very good cursory discussion on the why this information is important. The browser demonstrations that you provided were easy to follow. Love that this video was short and got to the point.

Reason number 3: some countries like Australia have “metadata logging laws” where your ISP logs headers of your traffic and thus knows which websites you are visiting when you make requests via standard unencrypted DNS. If the DNS lookup is encrypted then this makes it harder for a third party (government, law enforcement etc) to track your browsing activities.

I love the way he tries to dumb things down so even I can understand them. It didn't work, but I still appreciate the effort.

Bro I am one of your old subscribers... I always liked each videos of yours. Always learnt something new! You are so easy to understand. Massive respect.

Me: So many work to do.
ThioJoe: *new video*.
Me: watches video anyway 😁.

I do this the most secure method: I handwrite each DNS request, put it in an envelope, mail it, and wait for the reply.

Thank you for the helpful information & tutorial!

Great, great tips! I had never heard of it, thanks Joe

been doing DNS over TLS for a while at the router level

Thanks, bro.

thiojoe thank you for teaching us really good tips for windows! cant wait to see u get 3m subs!

Nice video Joe keep up the good job

Thank you very much for this video. I learned a lot today. It's a good thing I have a new Samsung. I followed your instruction for it. Thanks, ThioJoe.

Thx you for clarifying this cdn affair and others! You are right: "certainly, more knowledge than you are bargaining for..."

Nice vid. It was very helpful. Thanks 👍🏻👍🏻

Amazing channel! i have seen already your ssd failure video and this one and i can say that i am so benefited. Btw what about Linux machines?

The best youtube channel.....thanks joe for sharing valuable knowledge :)

Thank you, your videos are always so informative! Unfortunatly I came across this one too late as esni has been pulled from Firefox-esr and replaced with something else (which seems to be incomplete). There's now no protection for SNI....unless you know something I don't and I'm pretty sure you DO! 🙂

Pretty informative and usefull video.
Thanks!

Thanks, Thio for this video it's really useful.

Always interesting, thanks.

Thank you for the information!

Thanks, these are pretty useful

I just set my private dns in phone with cloudflare
Love this video❤️

Great content as always.

seems to me if your router had already set to a version of the "DNSS", the handshake check gives false negative ( or if you have a another app like say a app manager app with a VPN, it also happens the same. disabling that VPN gives a postive)

Thanks Thio! I'm one step closer to getting my pc to *MAXIMUM* power.

Super helpful, especially for iOS. thank you 😃

Really useful!

Very informative, Thanks!

Thank you for the video!

Great vid Theo

thanks bro..more power to your channel

You deserve more views :(

Thanks so much for the info

Very nice video explained everything well

I do this in Control Panel which gives a....'global effect' to this setting rather than effecting just one browser.
It can also be changed in Settings under Network & Internet \ Ethernet - then click on Edit next to DNS Server assignment

Thank you, your vids help alot.

I just checked my firefox and it's already enabled. Nice.

Thank you Joe !

Thanks for this wanted cloudflare on my iPhone

Great video!

"Wu Tang Lan" killed me

Just a note to anyone doing this for iOS or iPadOS: You must do this in Safari, not in your preferred browser for the profile to be acknowledged by the system. Otherwise it’ll just downlload but won’t show up in Settings.

Muchas gracias por el gran tutorial. Pero me quede en duda. Si es posible hacer una configuración del DNS del Router de la casa... podrías ayudarme con mi duda por favor...

Great channel, wish u had more mac stuff

man i like all ur videous thnks for these things

6:00
There is actually another hostname for this, 'one.one.one.one', so you don't have to remember that long hostname.

I have AdGuard DNS configured directly on my router. Greatly increases my connection speeds by automatically blocking spammy ad URLs from loading at all on my network.

What a fascinating video.

What is the difference between changing DNS from WI-FI setting and chancing from browser or system settings.

Wow!! I'm so happy that I'm in this video. Thank you ThioJoe

Thanks bro

Good vid thanks for the info

Thx a lot for this vid!!!!

I wish I could upvote this more than once.

A system wide DoH/DoT for Windows OS are possible, if it would follow upon how DNSCrypt was implemented/deployed for client side.

I changed it like you mentioned but the test site still gives me a question mark for Secure DNS.

Very useful👍

Turned DoT on for cloudflare in my router which has the option (The router node of an Asus XT8 mesh system). Cloudflare's browsing check says everything is secure except for the "Secure SNI" as mentioned near the end of the video.
From my understanding this should work fine as long as the web browsers of each client on my network specifically direct all DNS queries to the router.

Did it. I trust you man. Thanks.

Very informative. Thank you !
Edit: uh...yea, I got lost. Hackers may intercept where you're going by reading an unencrypted name - I don't think it will ever be secure; just very, very complex.

Thank You Sir. 💥💯

I was waiting for this video but I fell asleep 😞. It's 12:30am here in the Philippines

I’ve heard that people won’t use HTTPS for DNS due to the fact that it forces your browser to resolve to a big-scale DNS rather than more local ones

It was already enabled on my Firefox browser, but thanks for the heads up.

Do you know how this can be set up without losing access to local IP addresses (like Router Interface etc.)?

Whenever I see a thumbnail with a person putting there fingers on a button or switch. I remember, ThioJoe

Nice one

Thank u Man, u are Great.

Turn off privacy sandbox in chrome settings though so it doesnt send your (slightly anonymised but still gives them a good picture of what you do) browsing data to websites

Thanks!

Damn good video. Keep it up.

After running tests, I can't seem to get any of the DNS Over HTTPS profiles to work on MacOS Big Sur 11.4 after installing the profile in SYSTEM PREFS > PROFILES.
Installation DNS Over HTTPS worked fine on iOS 14.6.

Do I need to encrypt SNI too? Currently it is not.
EDIT: LOL you are already addressing it. Great.

Thanks Man .you amazing.

good video Quad9 is also another good one even better than Cloudflare when it comes down to security

Ahhh this video is so good thnx u

No pun at all, but of all the channels i watch across many sectors for flavor, education, fun, gaming etc there is pretty much just two that teaches me tech to be better at computer tech and keep learning new stuff i didn't even know. That's Linus and this channel. There is so much stuff to keep keeping up with there is just no way the average person can keep up with just Tech singularly. So cheers to Thio for helping us all to becoming at PC Tech/Tech. I had no damn idea about this browser setting. Thanks man!

*Windows 11 and DHCP*
I tried to force DNS on all the time but when I try to change to MANUAL in the settings the other options are greyed out and when I SAVE the manual setting it just reverts back to AUTO. Just messing around, but I suspect this is a work in progress and possibly not something end users are allowed to mess with quite yet. I did enable it for Chrome as per the video instructions.

For me this works on firefox but for some reason the setting is greyed out in chrome and it won't let me turn it on

Is this similar to using a DNS on the router level? I have an Asus AC88U. There is a WAN DNS Setting under the Advanced Settings - WAN. Would this work the same without configuring individual devices?

Thio joe is the best youtuber ever

Would I need to do this if I already have Cloudfare set at the router level (to point to their DNS) ?

To Enable DNS over HTTPS (DoH) on the Opera Browser,
Click on the Opera icon to open the browser's menu,
Pick Settings from the menu,
In Settings, click on Advanced
On the right, scroll down to the System section.
Turn on the option Use DNS-over-HTTPS instead of the system's DNS settings.

Great stuff man,
The only problem is for some reason in Google Chrome on desktop once I close out of Google Chrome, DNS is no longer secure and so I have to fix the setting every time I open Chrome, how do you save this browser setting?

Hey ThioJoe: I got the cloud flare dns to work on my Android but am still vulnerable to SNI hacking?

One thing to note: it won't work in Edge if you use tools like O&OShutup10 to configure Windows 10 privacy. I just enabled the DNS in my router instead.
2023 edit: For those who don't already know, Windows 11 sets DNS over TLS separately from Edge so you can just enable it there. In most cases, just add the DNS numbers, choose "On (automatic template)", and you're good to go.

Should I be using "Public Network" or "Private Network"? I have a modem from my IPS & using Windows.

Hlo bro! You are my hero of computer science🖥️💻😊😊😇😉

One thing I like about Firefox. This setting is already enabled.

Owesome bro

I can't see it on chrome, I went to the Privacy and Security section but when I scrolled down to the Advance section, there's no option for secure DNS, only Manage security keys, Manage certificates, and Google Advanced Protection Program.
Note = I'm using Chrome Version 91.0.4472.77 (Official Build) (64-bit) on Linux Mint if that help's.

Worked for me on mobile. Use to just put Google to redirect it but will try 1dotcloud. My work computer was grayed out, even tho I was logged in chrome with my personal account the network is "managed"

@5:40 For android; Are you saying to choose 'automatic' then? but if 'automatic' can't be chosen then to choose 'private DNS provider name' instead? You just haven't specifically specified to choose automatic so I'm asking.