DNS over HTTPS resolution as an Orion feature (bypassing system DNS)

It may also be interesting to give the availability to set up DNS over TLS along DNS over HTTPS. Cloudflare supports both. NextDNS supports both too and over QUIC too.

I'm also hoping this is implemented as well. Would love to be able to use NextDNS on Orion

<Use a descriptive title! This is what most users will see before upvoting your suggestion. Then, describe your suggestion in detail, including how should it be implemented in Orion and what your expectation is. If relevant, upload screenshots/videos examples for the feature from other browsers.>

Hi I would like HTTPS over DNS would be added to Orion and as default

I know this is an old thread, but I've been playing around with Orion over the last year on and off or so. Looking for a replacement to Brave and Orion is proving to be faster than Brave. However, a must-have feature is secure DNS, as more and more providers now hijack DNS for one reason or another. This may not happen in the US, but is happening in many countries.

gp Yeap this is absolutely right. Even a router level static DNS gets hijacked by my ISP, both at home and at work - all ISPs are mandated by my govt to do this, as part of their effort to censor the internet. Reddit, Vimeo, Tumblr, all blocked nationwide.

At home I have Pihole running on a separate machine locally dishing out DNS queries - so this is not a problem. But at work, I have no control over that and I rely on browsers like Brave to access the free internet. I'd rather not use VPN as it can be a hassle with content providers like Netflix.

System DoH is certainly the proper way of handling this so I'll just share my use cases that don't fit it.

1. Business VPN hijacks DNS configuration and now I'm leaking all requests to my company's (or a 3rd-party). I trust them with my business request but unfortunately we all do personal stuff everywhere and having a specific browser with my specific DoH configuration would avoid that.

2. Many devices, many physical networks, lots of unpredictability with different configs. Having a specific browser I know is using DoH for sure would give me more peace of mind that I'm not inadvertently leaking DNS.

My reason for wanting this is that I have a DNS over HTTPS server and when using Google One's VPN, the server is completely bypassed.

Vlad i cant set at system level because i cant change company dns. doh in broswer can bypass whatever system has.

Vlad you seem very dismissive of this request that seems very legitimate. The idea of app level DNS is that it can bypass OS level DNS, for several reasons. For example, due to policies installed on the system. I have seen OSs block domains because they have never seen them before. So if you have jsut created a domain, it will be blocked at the OS level (for example by OpenDNS) until you ask for permission. But whitelisting one off domains is also not good practice.

Since many browsers implement this, I guess my question is, is this very difficult to implement, or does webkit not allow browser level DNS resolution?

forest9 Yes, difficult to implement and very niche. We have 2000+ open issues that are easier and affect everyone, and a team of three devs. Patience please.

I get it and I think everyone in this thread also does. We absolutely do not want you to rush or anything, but maybe communicate that in advance, bc from reading this thread, you are making it seem like this is not a valid use case, with "why not just use OS level DNS?". I mean other browsers' devs aren't ignorant to OS level DNS. Somethign can be a valid use case and not be a priority, just say so. You'd be surprised at how understanding users are when you communicate clearly.

forest9 Yes, I am expalining why is this not a priority for us. Also note that part of our philosophy is to be a native macOS app, which means respecting the way Apple wants things to be done on macOS. Other browsers are mostly native to Windows (even eith their macOS version) where things are done very differently.