Chrome forcing async DNS?

So here’s the issue: I deployed a network wide security system like that Bitdefender box that protects all the devices and so on. Everything works on IoT devices and OSs, but as soon as I use Google Chrome, everything gets bypassed. Part of this system is using PiHole just blocking malware domains. I tried appending to the Google Chrome link --disable-async-dns but it didn’t work. Is there any way to disable async DNSs so that I can more safely surf the web? Thanks!

There should be DNS settings in chrome://flags that you can turn off. That’s how I remembered last time I dealt with Chrome.

It is only available on Google Chrome for Android and I already disabled it. Tried to reach it from the desktop version using chrome://flags/#enable-async-dns but the option is not there.

Edge uses the DNS I’ve set up.

Thanks for the answer.

They’re purposely hiding it then. Chrome for Android commits the more nefarious Chrome changes before the desktop version. You’ll have to build Chromium from source yourself to avoid this now.

What OS?
If Linux, Chrome (and derivatives) make use of the sys_admin capability, meaning it can bypass or modify basically any settings you set, so dropping that cap might fix your issue. But on the other hand that would also disable the sandboxing feature, so in that case you might want to use isolation on the OS level.

I’m on Windows at the moment. This behaviour from Chrome is absolute garbage.

Compiling Chromium can be done, but I’d have to do it frequently to keep it updated AND it triggers all sorts of antimalware software on Windows.

It has to be done. You can’t trust the source code of Chrome anymore. You can only examine Chromium to see if any nefarious things have been done, weed it out, then compile.

Iridium browser might kinda maybe work, but that one lags behind updates so go figure… maybe contribute?

Well I’ve been “caught in the ecosystem” by Google since I find really handy having all the tabs and favourites synced between my phone and my PC. That’s why I wanted to keep using Chrome and find a way around this issue. I also like the performance of it.

Create a rule in your firewall re-directing all DNS traffic to your Pi-Hole. In my case at work our traffic goes to our DC then upstream to the Pi-Hole next.

Example from my EdgeRouter. This will catch anything with hard-coded DNS

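A sketch of the firewall redirect suggested above, as an added example that is not part of the original thread and is not the poster's EdgeRouter configuration. It assumes a Linux router using iptables; the interface name `eth1` and the Pi-hole address `192.168.1.2` are constructed placeholders.

```shell
#!/bin/sh
# Added example: print iptables NAT rules that force LAN DNS (port 53) to a Pi-hole.
# Nothing is applied; the function only emits rules for review.

valid_ipv4() {
  # Digits and dots only, no empty octets.
  case $1 in
    *[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

dns_redirect_rules() {
  lan_if=$1; pihole=$2
  case $lan_if in
    ''|*[!A-Za-z0-9_.-]*) echo "invalid interface: $lan_if" >&2; return 1 ;;
  esac
  valid_ipv4 "$pihole" || { echo "invalid Pi-hole address: $pihole" >&2; return 1; }
  for proto in udp tcp; do
    # Rewrite any port-53 query to the Pi-hole. The Pi-hole's own upstream
    # lookups are excluded, otherwise they would loop back to itself.
    echo "iptables -t nat -A PREROUTING -i $lan_if ! -s $pihole ! -d $pihole -p $proto --dport 53 -j DNAT --to-destination $pihole:53"
    # Clients on the Pi-hole's subnet would reject a reply coming from an
    # address they did not query, so send redirected queries via the router.
    # Side effect: the Pi-hole logs the router as the client for these queries.
    echo "iptables -t nat -A POSTROUTING -o $lan_if -d $pihole -p $proto --dport 53 -j MASQUERADE"
  done
}

# Port-53 redirection does not see DNS-over-HTTPS, which travels on TCP 443
# inside TLS; that traffic needs a separate control.

# Constructed sample values.
dns_redirect_rules eth1 192.168.1.2
```

After applying the rules, a query sent from a client to any outside resolver should show up in the Pi-hole query log.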

Also, just fyi, Firefox does that too.

I just installed Chrome on W10 and everything goes as it should through Pihole.

I didn’t think of trying that, I’m going to give it a shot for sure.

I know Firefox does it too, and Edge does it as well, but that would mean migrating all my browsing habits from my phone and PC to another browser.

So as you open tabs you see the counter increasing? Did you set up PiHole as a network wide DNS or did you just change the values in Windows 10?

Manually in W10

Are you absolutely sure 1000%? I’m on Chrome 77.0.3865.120 stable.

Now for whatever reason my computer is ignoring PiHole. I can’t believe my own eyes…

And how do you plan to force DOH to listen to you?

77.0.3865.120 64bit

I see in the logs that the queries go to Pihole …
If I find moments I will look more closely.

It doesn’t, that’s how I know it’s not going through Pihole when connecting to the internet.