DNS over HTTPS

[loungehake]

Does Avast have any problems with DNS over HTTPS?

[DavidR]

Not much to work with here:
Is there a specific DNS that is involved in the problem  ?
Is there a particular site that is effected  ?
Are you getting and Avast alert or other browser error message  ?

[loungehake]

Hi David.  It's a question of encryption impairing Avast's detection of bad web sites.  Encrypting DNS traffic enhances privacy but might have the downside of helping rogue web sites elude detection by such as Avast.

[DavidR]

Well encryption shouldn't impact Avast detection abilities as the site in itself 'isn't encrypted' only the traffic between your computer and the site is encrypted/secured to prevent snooping.

[loungehake]

I guess that what you are saying is that Avast decrypts all traffic received over TLS connections and that includes DNS over HTTPS.  I am confident in my belief that Avast does this.

Some argue that DNS over HTTPS prevents some antimalware software from identifying rogue Internet players and that this is why DNS traffic sent/received in clear ensures identification of those rogues.

[DavidR]

The encryption is done at the point of origin, if you connect to an https URL it creates a secure connection, so traffic between your system and the site is secure. 

You also set Avast to scan HTTPS and other secure means of connection and other pages in the Web Shield settings.  For the most part these would be preselected.

[Mr. Consumer]

I use DNS Over HTTPS system-wide and also in the browser in my test browsers. It doesn't affect the protection provided by Avast's Web Shield. So you can use DoH without any issue

[loungehake]

Thanks. That's how I see it.