DNS over HTTPS doesn't work anymore on Brave Desktop

@Tiak

So, our MXToolBox DNS Check results are the same.

What about the other two tests:

For the ‘nslookup’ test, we are interested in the response for:

  • Server: [an IP address]

That IP address number might match the response from the ‘nextdns.io’ result:

  • resolver: [an IP address]

(‘NextDNS.io’ probably shows only the last DNS server used.)

@Tiak

Please remove the large screenshot - it is not helpful, because . . .

The IPv4 addresses shown are for the two Cloudflare name servers.

The ‘nslookup’ result for Windows does not show the:

  • Server: [IP address]

a particular results field shown in my Mac’s Terminal.app.

That IP address (if your results showed the field) would be your DNS server IP address.

Apology: Tonight, I am having a tough time writing; thus, the many rewrites.

@Tiak

Try . . . for every Brave Browser profile that you have

In a Brave Browser > New Window, go to: brave://settings/shields

Next, go to: brave://settings/security

  • DISABLE: Always use secure connections (HTTPS ONLY toggle switch)
  • Disable: Use secure DNS

Next, in the ‘Brave-Browser’ folder or its sub-folder ‘User Data’ folder, at:

  • C:\Users\username\AppData\Local\BraveSoftware\Brave-Browser\User Data\

. . . locate the ‘oofiananboodjbbmdelgdommihjbkfag’ folder and move that folder to your Windows OS Desktop.

That ‘oofiananboodjbbmdelgdommihjbkfag’ folder is for the HTTPS Everywhere Updater and represents the HTTPS EVERYWHERE component.

Next, Exit / Quit everything and restart your computer. A new ‘oofiananboodjbbmdelgdommihjbkfag’ folder will be created by Brave Browser, when you start up Brave Browser.

When you are ready, then return to: brave://settings/security

  • Enable: Use secure DNS

and test.

You might look around the: brave://chrome-urls/#internals

I have the exact same issue.
brave://management/ says that the Browser is not managed.
But the Setting for secure DNS is greyed out
Same on Google Chrome, and Edge did show in the Drop Down Menu (Three Dots), that the Browser is managed. I could fix everything for Edge by deleting the Policies entry for Edge in:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Edge
and
HKEY_CURRENT_USER\SOFTWARE\Policies\Edge
But it didn’t change anything for Brave and Chrome.
Mozilla Firefox works as intended.
I have no idea how to fix that. I guess it’s a bug of Chromium but I am not sure, because I could fix it for Edge by deleting policy registry entries. Also it works on all of my other Windows Machines. And it worked before.

I found that Issue for the Bromite Browser:

That is basically the same. But I don’t exactly understand what they are talking about.

Best wishes
Metzger.

Same issue as described above. It looks like the same issue as described in Bromite and on these forums.

Which extensions? As we get deeper into the rabbit hole, wondering if we can validate this somehow.

Also, do you have LastPass installed?

or SpywareBlaster?

@Metzger100

Reviewing your issue . . .

In a Brave Browser > New Window, at: brave://management

‘brave://management’ says: ‘This browser is not managed by a company or other organization. Activity on this device may be managed outside of Brave.’

After that portion, there is a ‘Learn more’ link, to Brave Support > Help Center, where I found:

That Help Center web page does mention Windows OS Registry key adjustments / settings.

Continuing, you wrote: ‘But the Setting for secure DNS is greyed out’

And: ‘Same on Google Chrome’

So, for Google Chrome,

  • ‘Use secure DNS’ is ‘greyed out’, and
  • ‘This browser is not managed . . .’ (but do not know if true or false feedback)

Continuing, you wrote: ‘Edge did show in the Drop Down Menu (Three Dots), that the Browser is managed.’

So, for Microsoft Edge,

  • ‘Use secure DNS’ is ‘greyed out’, but
  • ‘the Microsoft Edge Browser is managed’, and

you are able to ‘fix everything for Edge by deleting the Policies entry for Edge in’:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Edge , and
  • HKEY_CURRENT_USER\SOFTWARE\Policies\Edge

Continuing, you wrote: ‘But it didn’t change anything for Brave and Chrome.’

By your usage of ‘it’, I am guessing that you mean, for Brave Browser at least, you searched for:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\BraveSoftware\Brave , and
  • HKEY_CURRENT_USER\SOFTWARE\Policies\BraveSoftware\Brave

but did not find those.

Try searching in the Windows OS Registry, for ‘DnsOverHttpsMode’

I found in a Chrome Enterprise Policy templates list at:

the file: ‘chrome_policy_list.html’

In that file, a section entitled: ‘DnsOverHttpsMode’ - and there are three modes:

  • ‘off’ = Disable DNS-over-HTTPS
  • ‘automatic’ = Enable DNS-over-HTTPS with insecure fallback
  • ‘secure’ = Enable DNS-over-HTTPS without insecure fallback

The following uploaded text file, has the ‘DnsOverHttpsMode’ and ‘DnsOverHttpsTemplates’ sections from that ‘chrome_policy_list.html’ file:

DnsOverHttpsMode.txt (3.7 KB)

R&D work. Be sure to first back up your Windows OS Registry. You might try to create:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\BraveSoftware\Brave\DnsOverHttpsMode , and
  • HKEY_CURRENT_USER\SOFTWARE\Policies\BraveSoftware\Brave\DnsOverHttpsMode

I do not have a Windows OS machine, with which to test.

Note, there are now two Chrome Enterprise Policy templates list links:

The ‘chrome_policy_list.html’ file (approx. 2.1MB). When downloaded, change the filename suffix from .txt back to .html:

chrome_policy_list.txt (2.0 MB)

Also, a bit from:

Official parameters of ChromeOptions and ChromePrefs - Chromium

Official_parameters_of_ChromeOptions_and_ChromePrefs_-_dns_over_https_mode.txt (722 Bytes)

Sorry for the late reply. I tried that, but apparently it didn’t fix the issue. Also, at least for me personally, everything seems to me quite complicated and unintuitive, as I am not really an expert.

Before I do any more clumsy digging around in any directories without knowing what I’m actually doing, would you rule out that it’s a Chromium bug?

My current extensions:

No, but I use Bitwarden Password Manager

@Tiak

At the moment, there still seems to be more than one reason, or potential for more than one reason, for ‘DNS over HTTPS’ not working for Brave Browser users.

Summary

If you want to try something, go to: brave://flags

  • DISABLE: Experimental QUIC Protocol

QUIC has been ENABLED by Brave, in order to add a little bit of speed to Internet connections.

Just maybe, QUIC is a stumbling block for DNS over HTTPS, for Windows OS users.

If you would, please test that. Thanks

Tried that too, but it didn’t resolve the issue :confused:

@Tiak - OK, thanks for testing that one.

By your usage of ‘it’, I am guessing that you mean, for Brave Browser at least, you searched for:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\BraveSoftware\Brave , and
  • HKEY_CURRENT_USER\SOFTWARE\Policies\BraveSoftware\Brave

but did not find those.

Exactly. So Edge does work after I deleted those Values. But Chrome and Brave don’t. There are no Registry Keys as well.

The DnsOverHttpsMode does:

  • off: Activates the Managed Browser Mode (Three Dots) + Disables Secure DNS + greys out the setting + Adds the OrganisationIcon to the setting

  • automatic: Activates the Managed Browser Mode (Three Dots) + Enables Secure DNS + greys out the setting + Adds the OrganisationIcon to the setting

  • secure: Can’t connect to the Internet (DNS_PROBE_FAILS) + Enables Secure DNS + greys out the setting + Adds the OrganisationIcon to the setting

Removing all those entries removes the Manage Browser Mode + Disables Secure DNS + greys out the setting. So I guess the rest is working but only the Check for the Secure DNS doesn’t work. Because as soon as I add a Policy for Brave the Browser shows me that the Browser is managed.
Greetings
Metzger

1 Like
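An added example, not part of any post in this thread: a read-only PowerShell audit of the policy keys discussed above, reporting whether each key exists and what `DnsOverHttpsMode` / `DnsOverHttpsTemplates` are set to. The Brave and bare `Edge` paths are the ones quoted in the thread; the `Google\Chrome` and `Microsoft\Edge` paths and the function name `Get-DohPolicyReport` are additions made here, and the policies are read as string values under each key.

```powershell
# Added example: read-only audit of Chromium-family policy keys (changes nothing).
$roots = 'HKLM:\SOFTWARE\Policies', 'HKCU:\SOFTWARE\Policies'

# Sub-paths under each root. Brave and the bare 'Edge' path are quoted from the
# thread; the Google\Chrome and Microsoft\Edge paths are not from the thread.
$browsers = [ordered]@{
    'Brave'            = 'BraveSoftware\Brave'
    'Chrome'           = 'Google\Chrome'
    'Edge'             = 'Microsoft\Edge'
    'Edge (as posted)' = 'Edge'
}

# Meanings of the three modes, as quoted in the thread from chrome_policy_list.html.
$modeMeaning = @{
    'off'       = 'Disable DNS-over-HTTPS'
    'automatic' = 'Enable DNS-over-HTTPS with insecure fallback'
    'secure'    = 'Enable DNS-over-HTTPS without insecure fallback'
}

# Hypothetical helper name; emits one row per root/browser combination.
function Get-DohPolicyReport {
    foreach ($root in $roots) {
        foreach ($name in $browsers.Keys) {
            $path = Join-Path $root $browsers[$name]
            $row = [ordered]@{
                Browser = $name; Key = $path; Present = $false
                PolicyValues = 0; Mode = $null; Templates = $null; Meaning = $null
            }
            if (Test-Path -LiteralPath $path) {
                $key = Get-Item -LiteralPath $path
                $row.Present      = $true
                # Count of values set under the key; the thread reports the browser
                # shows as managed as soon as a policy is added here.
                $row.PolicyValues = $key.ValueCount
                $row.Mode         = $key.GetValue('DnsOverHttpsMode')
                $row.Templates    = $key.GetValue('DnsOverHttpsTemplates')
                if ($row.Mode) { $row.Meaning = $modeMeaning["$($row.Mode)"] }
            }
            [pscustomobject]$row
        }
    }
}

Get-DohPolicyReport | Format-Table -AutoSize -Wrap
```

Rows with `Present` true and a non-zero `PolicyValues` point at the keys worth inspecting; all rows showing `Present` false matches the situation described in the thread, where the setting was greyed out with no policy keys present.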

In addition to the Bitwarden browser extension, do you also have the Bitwarden app installed locally? i.e., the actual Windows desktop app (not just what’s in the browser).

Some searching turned up folks having similar issues with LastPass inserting a browser policy, I think related to linking the browser extension to the desktop app. BitWarden does have an optional desktop app, but I am not sure if it behaves the same way. (I do use the BW extension but not the desktop app.)

I use only the extension, not the Windows app

For your information, the latest update, at least in Brave Beta, seems to have fixed the issue with DoH and I am able to enable it again. Possibly just a bug then?


Thanks for all the assistance and tips in any case!
@JimB1 @Metzger100 @289wk @CerealLover

3 Likes

Thanks for the Info.
Yes it’s fixed in Brave v1.40.109 for me too. That was a bug of Chromium.
Have a nice Day.

2 Likes


Screenshot of the Commit for the latest Chromium Version.

1 Like

I have the same problem and haven’t found a solution