How to use Bind response policy zone to stop Firefox from using DNS over HTTPS

Chris Wood chris at
Mon Sep 9 16:04:15 MDT 2019

On Mon, Sep 9, 2019 at 3:04 PM Michael Torrie <torriem at> wrote:
> As many of you know recent releases of Firefox have implemented DNS over
> HTTPS (their own idea as opposed to the standard DNS over TLS), which
> bypasses your local DNS and uses Cloudflare's DNS server on port 443.
> Ostensibly this is to protect users from bad actors who might alter the
> DNS responses and redirect unsuspecting users to bogus sites for
> nefarious purposes.  Mozilla has or will soon enable this by default.
> However in many organizations this is going to cause a lot of problems,
> particularly if you have host names that resolve differently if you're
> inside or outside of the organization, or if you're trying to implement
> family-friendly DNS filtering on your network.

Good info, thanks.  I've been wondering about how to block this as well.

Chris Wood
