How to use Bind response policy zone to stop Firefox from using DNS over HTTPS

Andy Bradford amb-sendok-1570672707.jfmbbnnpbiakgoaiamib at bradfords.org
Mon Sep 9 19:58:27 MDT 2019


Thus said Michael Torrie on Mon, 09 Sep 2019 15:04:09 -0600:

> Ostensibly this is to protect users from bad actors who might alter
> the DNS responses and redirect unsuspecting users to bogus sites for
> nefarious purposes.

And yet, it will funnel all DNS queries through centralized
locations---it's much more difficult to hijack DNS in its current
distributed form, but funnel it all through DoH and what have you got?

In the article, it mentions this:

    If a user has chosen to manually enable DoH, the signal from the
    network will be ignored and the user's preference will be
    honored.

So, how does a *user* express his preference that this feature not be
enabled? The article suggests DNS tricks, but typical users won't be
doing that.

Thanks,

Andy

-- 
TAI64 timestamp: 400000005d770368



