[Desktop] DNS over HTTPS (DoH): Doesn't always work

[paulmillr]

Description

DNS over HTTPs works properly, but not during browser startup and not for search queries.

Steps to Reproduce

1. Enable DoH in system, set DNS to cloudflare 1.1.1.1, 1.0.0.1
2. Enable DoH flag in brave://flags
3. Restart the browser
4. Open a couple new tabs including https://1.1.1.1/help
5. Ensure the browser is set to restore old tabs on startup
6. Close brave completely.
7. Start brave again.

Also: search engine requests don't seem to be getting through DoH at all. Always.

Actual result:

You can see DoH status on https://1.1.1.1/help. You can track DNS requests via little snitch, lulu, or tcpdump.

It clearly says that DoH is disabled while the page is auto-restored from startup.

DoH is properly enabled if you refresh the page.

Expected result:

DoH is always enabled for all requests.

Reproduces how often:

Easily reproduced

Brave version (brave://version info)

Brave	1.7.98 Chromium: 81.0.4044.113 (Official Build) (64-bit)
Revision	e3225dafb0475864a1812a374d73a92e391635ac-refs/branch-heads/4044@{#936}
OS	macOS Version 10.15.4 (Build 19E287)
JavaScript	V8 8.1.307.28

Version/Channel Information:

All channels

Other Additional Information:

• Does the issue resolve itself when disabling Brave Shields? No
• Does the issue resolve itself when disabling Brave Rewards? No
• Is the issue reproducible on the latest version of Chrome? Haven't tried, Chrome is garbage

Miscellaneous Information:

Try using little snitch, lulu, or tcpdump to track requests. Firefox clearly routes almost all dns traffic through DoH. Brave sends just a couple ones.

[ze0ss]

Hi, a similar issue for me, I have brave Version 1.10.97 Chromium: 83.0.4103.116 (Official Build) (64-bit) windows 10, 1909, and I have enabled the DoH flag, and did everything correctly as mentioned here, and I tried using a few providers such as comcast, quad9, etc, but the browser doesn't launch with these, it launches only while using cloudflare's DoH (--enable-features="dns-over-https<DoHTrial" --force-fieldtrials="DoHTrial/Group1" --force-fieldtrial-params="DoHTrial.Group1:server/https%3A%2F%2F1.1.1.1%2Fdns-query/method/POST). Is there a way to do this correctly, and use a DNS provider a user wishes to, a way different than google's chrome, if so, please let me know. To add another thing, upstream has been testing DoH since chromium v81, any ETAs when Brave would test it/launch it? I never have installed any nightlies till date, and do not wish to for obvious reasons, so I just wished to ask this directly.

[fmarier]

Is there a way to do this correctly, and use a DNS provider a user wishes to, a way different than google's chrome, if so, please let me know.

Not currently, but that is coming. Chromium is currently working on adding a setting to let users control this. Not sure when that is scheduled to ship.

To add another thing, upstream has been testing DoH since chromium v81, any ETAs when Brave would test it/launch it? I never have installed any nightlies till date, and do not wish to for obvious reasons, so I just wished to ask this directly.

Brave has had DoH auto-upgrades enabled (i.e. what Chromium has been testing) since 1.7.x (see https://github.com/brave/brave-browser/issues/1864). However, as this bug suggests, there are still some bugs to be ironed out on the Chromium side before DoH is used for all requests.

[ze0ss]

I see, thank you for replying, now I know that Brave is ~99% dependant on upstream for new features, I had no idea about that though, also, any word on Brave not launching if I use a dns provider other than cloudflare or google? Or is that dependant on upstream too x)

[fmarier]

any word on Brave not launching if I use a dns provider other than cloudflare or google?

I don't know about the specific field trials that you enable with those command-line parameters, but in Brave, you don't have to do anything to enable DoH auto-upgrades. It's ON by default for supported providers.

If that doesn't work for one of the supported providers, then feel free to file a separate issue for that since this one is about DoH settings not working at startup.

[ze0ss]

So, a little progress has been made in upstream, just wanted to know when it'll be available in Brave win10 x64.