
System DoH is certainly the proper way of handling this so I'll just share my use cases that don't fit it.

  1. Business VPN hijacks DNS configuration and now I'm leaking all requests to my company's (or a 3rd party's). I trust them with my business requests but unfortunately we all do personal stuff everywhere and having a specific browser with my specific DoH configuration would avoid that.

  2. Many devices, many physical networks, lots of unpredictability with different configs. Having a specific browser I know is using DoH for sure would give me more peace of mind that I'm not inadvertently leaking DNS.

4 months later

My reason for wanting this is that I have a DNS over HTTPS server and when using Google One's VPN, the server is completely bypassed.

    2 months later

    Vlad I can't set it at system level because I can't change company DNS. DoH in browser can bypass whatever the system has.

    3 months later

    Vlad you seem very dismissive of this request that seems very legitimate. The idea of app level DNS is that it can bypass OS level DNS, for several reasons. For example, due to policies installed on the system. I have seen OSs block domains because they have never seen them before. So if you have just created a domain, it will be blocked at the OS level (for example by OpenDNS) until you ask for permission. But whitelisting one-off domains is also not good practice.

    Since many browsers implement this, I guess my question is, is this very difficult to implement, or does WebKit not allow browser level DNS resolution?

    • Vlad replied to this.

      forest9 Yes, difficult to implement and very niche. We have 2000+ open issues that are easier and affect everyone, and a team of three devs. Patience please.

        I get it and I think everyone in this thread also does. We absolutely do not want you to rush or anything, but maybe communicate that in advance, bc from reading this thread, you are making it seem like this is not a valid use case, with "why not just use OS level DNS?". I mean other browsers' devs aren't ignorant to OS level DNS. Something can be a valid use case and not be a priority, just say so. You'd be surprised at how understanding users are when you communicate clearly.

        • Vlad replied to this.

          forest9 Yes, I am explaining why this is not a priority for us. Also note that part of our philosophy is to be a native macOS app, which means respecting the way Apple wants things to be done on macOS. Other browsers are mostly native to Windows (even with their macOS version) where things are done very differently.

            4 months later

            I guess this joins the proxy support feature request as implementing this can be done through proxy integration… I would really love such a feature, proxy/DNS support…

            A lot of browsers mimic that feature by just using a system-wide VPN, which is bizarre and not super secure if we don’t want to tunnel everything (like Opera or Aloha).

            Frankly, adding such a feature would be very beneficial for the popularity of the browser because of the uniqueness of its features. And this is far from being a niche feature, it all depends on how it is presented… something like “AdGuard support” can be more appealing to many.

            Lastly I understand the philosophy of keeping things as Apple intends it. But bear in mind that a lot of new features were first added by enthusiasts on jailbreak or innovative developers. If something is technically appealing and is not a wrongdoing you should go for it like you did with the extensions.

            One last thing, those who promote the most your product/browser are the geeks and IT passionate that you may consider a niche.

              3 months later

              This is the importance of implementing something like this. The second image is Firefox using my NextDNS with DoH, the next image is Orion. I am unable to use DoH or DoT. I have my Mac set up with the certificate from NextDNS, I also changed the DNS settings in System Preferences. My router has NextDNS installed. Yet somehow Orion bypasses all of this where none of my other applications do. I would love to see this implemented as I am sure many other people would too. I usually never post on discussion posts so I know there are hundreds of other users who want this feature too but will likely never voice their concerns.

              Because this feature isn't integrated, Firefox is my default browser, but once this is integrated I will likely change my mind as I prefer zero trackers and am impressed with the rest that Orion offers.

              Until then, the only reason Orion is installed on my computer is to see if DoH is implemented.




                22 days later

                I have found the fix if you are using NextDNS. Be sure to add Domain DNS settings in System Settings under Network and then DNS. I would recommend adding both HTTP and TLS URLs from NextDNS. It seems Orion will ignore the IP address DNS settings and opt for the Domain DNS settings. I still can't get the cert to work but that's fine.


                  I also had to install NextDNS via Homebrew
