How to use Bind response policy zone to stop Firefox from using DNS over HTTPS

Charles Curley charlescurley at
Wed Sep 11 08:40:50 MDT 2019

On Mon, 9 Sep 2019 15:04:09 -0600
Michael Torrie <torriem at> wrote:

> As many of you know, recent releases of Firefox have implemented DNS
> over HTTPS (their own idea as opposed to the standard DNS over TLS),
> which bypasses your local DNS and uses Cloudflare's DNS server on port
> 443.

A bit more reading, in case you don't have enough to do.

"On Friday, Mozilla said it plans to implement the DNS-over-HTTPS (DoH)
protocol by default in its Firefox browser, with a slow rollout
starting in late September.

"Under development since 2017, DoH transfers domain name system queries
– which try to match domain names with server IP addresses – over an
encrypted HTTPS connection rather than an unprotected HTTP one. This
prevents third-parties like network service providers from seeing the
websites internet users visit. Though DoH provides more privacy than
the status quo, it's controversial where lack of privacy is assumed or
required, such as monitored environments that insist on content
filtering, among other reasons."

"When we talk of civilization, we are too apt to limit the meaning of
the word to its mere embellishments, such as arts and sciences; but
the true distinction between it and barbarism is, that the one
presents a state of society under the protection of just and
well-administered law, and the other is left to the chance government
of brute force."
- The Rev. James White, Eighteen Christian Centuries, 1889
Key fingerprint = 38DD CE9F 9725 42DD E29A  EB11 7514 6D37 A332 10CB
