How to use Bind response policy zone to stop Firefox from using DNS over HTTPS
torriem at gmail.com
Mon Sep 9 20:45:54 MDT 2019
On 9/9/19 8:41 PM, Andy Bradford wrote:
> Thus said Michael Torrie on Mon, 09 Sep 2019 20:22:38 -0600:
>> Individual users can turn it off or on in preferences, or they can go
>> into about:config and change "network.trr.mode" to "5." Why Mozilla
>> didn't make this opt-in I don't know.
> Indeed. So when I browse to
> Options->General->Network Settings->Settings
> I see a checkbox labeled "Enable DNS over HTTPS". It is not currently
> checked, and it has a default DoH setting (greyed out) of:
> I wonder what the implications would be if I also hijack
> mozilla.cloudflare-dns.com on my DNS resolvers... I'm going to find out.
I'm pretty sure that if Firefox is trying DoH and it fails for whatever
reason, it will fall back to normal DNS. On Slashdot several folk
talked about blocking the Cloudflare DNS servers' IP addresses.
Knowing some of the strange things they've done, I could totally see
them throwing up a warning to the user if it ever falls back to normal
DNS saying something like "warning, your name resolver is
untrustworthy." Currently they are getting a lot of flak over this
move to enable DoH by default, so we'll have to see if they bow to
pressure and reverse this.