I am trying to understand how DNS-over-HTTPS (DoH) works in both Chrome and Firefox browsers.
To do so, I have enabled DoH on each browser and set the DNS provider to Cloudflare DNS servers (220.127.116.11), at both browser and operating system level (Windows 10 in my case).
However, the traffic captured by Wireshark shows that there are still multiple DNS requests that are made in clear text:
While some of those requests are probably issued by other desktop applications that do not implement DoH, there is one request pattern which seems strange to me:
Every time I search some text (say foo for example) in the URL search bar and press Enter, a DNS request is made to the Cloudflare resolver with the domain name foo.lan. Unsurprisingly, the server answers with a No such name DNS response.
After doing some research, this behaviour actually appears to be linked with DNS prefetching.
To make sure of that, I disabled the DNS prefetch flags in both Firefox (network.dns.disablePrefetch) and Chrome (Use a prediction service to load pages more quickly option toggled off), but the prefetch requests are still being sent as before.
This raises three questions to me:
- Why do DNS prefetch requests still occur when the feature is disabled?
- Why are those requests made with the
- Why are DNS prefetch requests sent in clear text even though DoH is enabled?
Please note that I have also tried to change the default search engine from Google to Bing, but the results are unchanged.
Any help would be much appreciated.