How to use Bind response policy zone to stop Firefox from using DNS over HTTPS

Andy Bradford amb-sendok-1570672294.lfncamagoaclehmiliob at bradfords.org
Mon Sep 9 19:51:34 MDT 2019


Thus said Michael Torrie on Mon, 09 Sep 2019 15:04:09 -0600:

> As many of you know recent releases of Firefox have implemented DNS
> over HTTPS (their own idea as opposed to the standard DNS over TLS),
> which bypasses your local DNS and uses Cloudflare's DNS server on port
> 443.

I was not aware of this unprecedented and disastrous behavior, thank you
for sharing---it reminds me of how Verisign wanted to hijack [1] all
unregistered domains with wildcards and redirect to their own servers.
It almost makes me want to implement whitelisting for domains...

I already have a large selection of domains that I block but it's
getting increasingly more difficult to keep track of all such "canary"
domains.

[1] https://www.dslreports.com/shownews/33050

Thanks,

Andy
-- 
TAI64 timestamp: 400000005d7701cb



