[FYI] Google / Chrome: "Experimenting with same-provider DNS-over-HTTPS upgrade"

For your information

As part of our long standing commitment to making the web safer to use, we will be conducting an experiment to validate our implementation of DNS-over-HTTPS (aka DoH) in Chrome 78.
[…]
Our experiment will run on all supported platforms (with the exception of Linux and iOS) for a fraction of Chrome users. On Android 9 and above, if the user has specified a DNS-over-TLS provider in the private DNS settings, Chrome may use the associated DoH provider, and will fallback to the system private DNS upon error.

Read full report

I found that Chrome is now pushing ahead on this as well and that it becomes the default on FF this month.

Is there any more information available on what the impact on pihole users might be?

With Firefox it can already be covered manually and will be covered by default in the next release of Pi-hole.

With Chrome you have set the flag yourself. I can download the Enterprise document in which maybe the central control is described.

I’m starting to wonder if they are doing this to get statistics.

It depends on how Chrome determines the system’s DNS. If it simply looks up the OS’s DNS, then Chrome will not have a corresponding DoH server for your private Pi-hole. But if it does a more exhaustive lookup, such as those on DNS leak tests, and the upstream DNS of your Pi-hole has a DoH equivalent, then it may use the DoH server directly.

This is all very speculative.

They could equally well just enforce their own (Google’s) DoH server, why even bother trying to find a (reliably working!) local server?..

Very true, I shall hush now.

This would back my theory a little.

It’s not speculative. If the current DNS has a corresponding DoH server then Chrome will automatically switch to DoH. How does Chrome determine if there’s a DoH server available? It has a list of supported DoH servers:

  • Cleanbrowsing
  • Cloudflare
  • DNS.SB
  • Google
  • OpenDNS
  • Quad9

This is straight from the horse’s mouth. https://www.chromium.org/developers/dns-over-https

This is in contrast with the quoted blog entry stating:

By keeping the DNS provider as-is and only upgrading to the provider’s equivalent DoH service, the user experience would remain the same.

My ISP does not offer a DoH equivalent. However, in the future, they might want to enforce the “best” for their users:

As part of our long standing commitment to making the web safer to use […]

But, yes, again speculations.

Seems pretty clear to me. If you’re using one of the listed DNS, then Chrome will use the DoH. If it’s not on the list then Chrome won’t make any changes.