DNS-over-HTTPS will work in Google Chrome for Linux
The Google Chrome developers have announced plans to roll out DNS-over-HTTPS (DoH) support in the Chrome browser for Linux. DoH is already supported on Windows, Mac, ChromeOS, and Android.
The developers announced the launch of the open-source Chromium project, which will release a version of Chrome for Linux with DNS-over-HTTP support. The project participants expect that it will be the M91 or M92 version.
"Chrome has never supported DoH on Linux because it would require Chrome's built-in DNS client, which is currently disabled on Linux," the project document says. In addition, Chrome did not support advanced Linux DNS configuration through the nsswitch.conf name service switch configuration file.
For the built-in DNS resolver to work seamlessly with Linux, Chrome needs to parse the Linux DNS configuration. Then Chrome could honor the extended host resolution configuration settings specified in the nsswitch.conf file.
"Since the Chrome converter does not support changing these mechanisms or their ordering, Chrome's support for nsswitch.conf compliance will be limited to determining whether the configuration is generic, consistent with Chrome behavior," the project document explains. Otherwise, the browser will not switch to DoH or use the built-in DNS resolver, unless the user chooses the DoH server in the settings.
In addition, Chrome developers recalled that if the DoH server lags, this can negatively affect page load performance. However, they clarified that the update will only affect the DoH servers of that vendor, which are expected to provide similar performance. When deployed on other platforms, DoH was only slightly slower than classic DNS and had a "negligible" impact on overall Chrome performance, they point out.
In February, Microsoft disabled DNS-over-HTTPS on all Edge channels due to performance issues. In March, access to DoH servers was restored for all pre-stable channels (Canary, Dev, Beta).
Earlier it was reported that hackers who disguise malware in fake Windows error logs have learned to use Google's DNS-over-HTTPS for this.