How to use Bind response policy zone to stop Firefox from using DNS over HTTPS

Andy Bradford amb-sendok-1570716238.hibbijikdiaocpfokmdl at
Tue Sep 10 08:03:58 MDT 2019

Thus said Joel Finlinson on Mon, 09 Sep 2019 22:34:07 -0600:

> Looks like Google wants in on the game with Chrome too.

I noticed that in the Firefox wiki [1] it mentioned as an
alternative, so I blocked that as well.


> *Motivation*  Most DNS  resolution  today occurs  over an  unencrypted
> channel. This is bad for privacy and for security reasons.

While I understand their motivation, I disagree that DNS problems should
be solved  in the application which  seems a bit short-sighted  and only
solves  it  for that  one  application.  DNS is  just  one  part of  the
problem--the  larger  part is  cryptography  and  making sure  that  PKI
infrastructure is solid---then it doesn't  matter if someone hijacks DNS
(unless  the user  is in  the habit  of just  clicking through  security

One of these days I'll get around to setting up a DNSCurve resolver...

TAI64 timestamp: 400000005d77ad73

More information about the PLUG mailing list