Mozilla has announced plans to begin enabling DNS over HTTPS by default for a small percentage of Firefox users in the USA, "starting in late September." This is motivated by a desire to improve consumer privacy on untrusted networks, but could negatively impact people on the University of Illinois campus network, so Technology Services is taking action to avoid impairing the default user experience.
What's the impact?
Briefly, using DNS over HTTPS means that Firefox will automatically send its own encrypted DNS requests to servers operated by Cloudflare, instead of using the normal DNS resolution provided by your computer's operating system. For users on our campus network, this means not getting the benefits of the campus DNS resolvers, which include:
- optimized experiences for some University of Illinois services which intentionally provide different DNS answers to on-campus vs off-campus clients
- blocking of known malicious domains by Privacy and Information Security (e.g. to combat targeted phishing attacks against members of the University of Illinois community)
- troubleshooting support by Technology Services if you report a problem that appears related to DNS resolution
What we're doing
To maintain the best possible default user experience, Technology Services will configure the campus DNS resolvers to return a negative response for the canary domain use-application-dns.net, which is owned and operated by Mozilla for this express purpose. This tells Firefox not to enable DNS over HTTPS by default while your computer is on campus and using the campus DNS resolvers. It will not affect the default behavior of Firefox while your computer is on other networks (using other DNS resolvers), nor does it prevent you from manually choosing to always enable DNS over HTTPS. This configuration change is planned for October 2.
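The following is an added example (not code from Technology Services or Mozilla) showing how an administrator could confirm that a resolver gives the canary signal: it builds the query for use-application-dns.net and decides from the raw DNS response whether the answer is negative. The rule used (any non-zero RCODE, or NOERROR with no A/AAAA record), the function names, and the sample responses are assumptions constructed for illustration.

```python
import socket
import struct

CANARY = "use-application-dns.net"  # canary domain named in the announcement
A, AAAA = 1, 28                     # DNS record type codes

def build_query(qtype=A, txid=0x1234):
    """Recursive query (RD=1) with one question for the canary domain."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in CANARY.split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name."""
    while msg[pos] & 0xC0 != 0xC0:  # stop at a compression pointer
        if msg[pos] == 0:           # root label ends the name
            return pos + 1
        pos += 1 + msg[pos]
    return pos + 2                  # pointer is two bytes

def is_negative(msg):
    """Assumed rule: non-zero RCODE, or NOERROR with no A/AAAA answer."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:              # e.g. NXDOMAIN (3)
        return True
    pos = 12
    for _ in range(qd):             # skip the question section
        pos = skip_name(msg, pos) + 4
    for _ in range(an):             # scan answers for an address record
        pos = skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype in (A, AAAA):
            return False
        pos += 10 + rdlen
    return True

def check_resolver(ip, timeout=3.0):
    """Ask one resolver over UDP port 53 (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (ip, 53))
        return is_negative(s.recv(512))

# Constructed sample responses (not captured traffic)
QUESTION = build_query()[12:]
NXDOMAIN = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0) + QUESTION
POSITIVE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION + b"\xc0\x0c"
            + struct.pack("!HHIH", A, 1, 60, 4) + bytes([192, 0, 2, 1]))
```

Calling `check_resolver` with the address of a campus resolver and again with an off-campus resolver shows the difference described above: only the former should report a negative answer once the change is in place.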
Chrome version 78 will also use DNS over HTTPS, but only when the operating system is already using a DNS resolver which is known to support it. This opportunistic approach will not impact the default user experience on campus.