Mozilla Firefox to force its own DNS?

General discussion about web technology.
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Mozilla Firefox to force its own DNS?

Post by GµårÐïåñ »

My takeaway is that he prefers people use the other projects that now he is also relying on as anything he does to "update" his end will just be a bandaid, as in why not just use what the underlying system directly instead. That's all. He seems to prefer the more actively maintained projects as a source point. Whether or not they meet your needs, a la router implementations, are beyond the scope of my inquiry or involvement to find out. You can refer to the repositories listed, I believe the main one being SimpleDNSCrypt and go from there.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
kukla
Senior Member
Posts: 317
Joined: Mon May 04, 2009 12:08 am

Re: Mozilla Firefox to force its own DNS?

Post by kukla »

Looks like I should probably contact him directly to ask about the current state of his DNSCrypt. Doesn't look like I can use the "simple" version (writing it this way because the real name kicks off the overly sensitive anti-spam filter.)

Shouldn't need to reference this thread, but if I do is that OK with you? And/or can I just chime in directly at the thread you linked?

Btw, he seems to be a genuine advocate of privacy.
Mozilla/5.0 (iPad; CPU OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Mozilla Firefox to force its own DNS?

Post by GµårÐïåñ »

It is always fine with me. What I say publicly is always fair game.
You can pickup on that existing conversation, that would help me stay informed but that's entirely up to you.
I have no reason to doubt his intentions are sincere and his efforts are genuine.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
kukla
Senior Member
Posts: 317
Joined: Mon May 04, 2009 12:08 am

Re: Mozilla Firefox to force its own DNS?

Post by kukla »

Sorry, a little late getting back to this, but for the benefit of anyone who was concerned about whether to use, or continue to use, DNSCrypt.eu for DNS resolution. The site may have been left to languish, but the service itself is still supported:

Image
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Firefox/52.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Mozilla Firefox to force its own DNS?

Post by barbaz »

Back to Firefox using its own DNS, I happened on instructions for how to disable it -
https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/ wrote:1] Type about:config in the location bar

2] Search for network.trr (TRR stands for Trusted Recursive Resolver – it is the DoH Endpoint used by Firefox.)

3] Change network.trr.mode to [...] 5 to disable DoH under all circumstances.)
Some more information on the possible values of that pref -
https://dxr.mozilla.org/mozilla-central/rev/c291143e24019097d087f9307e59b49facaf90cb/modules/libpref/init/all.js#5414 wrote:// 0 - default off, 1 - race, 2 TRR first, 3 TRR only, 4 shadow, 5 off by choice
*Always* check the changelogs BEFORE updating that important software!
-
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Mozilla Firefox to force its own DNS?

Post by GµårÐïåñ »

Has anyone noticed how much and how aggressively Mozilla has been going the was of Google tracking everything and Microsoft getting tons of telemetry and doing all kind of Facebook like experiments on their users and often without notice. Most of them you can disable, but they shouldn't be on by default, it should always be opt-in not opt-out and some of it you outright can't do squat about. They are trying too hard to be like everyone else while always using "security of our users" as a justification to do exactly what others do with no proof that they are doing any less with it than they are. This just further feeds into that scheme.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; rv:62.0) Gecko/20100101 Firefox/66.0
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Mozilla Firefox to force its own DNS?

Post by therube »

Yes.
IMO they're following MS's playbook to a T.

Look around these parts.
I've posted some rants of late about Mozilla ;-).


Palemoon: Is Mozilla's new DNS feature really dangerous?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 SeaMonkey/2.49.5
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Mozilla Firefox to force its own DNS?

Post by barbaz »

Looks like Waterfox will be following Mozilla down this rabbit hole - https://www.reddit.com/r/waterfox/comme ... s/em3a289/ :(

I was expecting this would be removed from Waterfox. Hopefully Alex understands why an "ethical, user-oriented browser" that includes this feature *must* completely disable this by default and cannot be enabled without EXPLICIT user choice interaction.
*Always* check the changelogs BEFORE updating that important software!
-
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Mozilla Firefox to force its own DNS?

Post by barbaz »

Looks like Mozilla is trying to address my big concerns about this -
https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https wrote: While we would like to encourage everyone to use DoH, we also recognize that there are a few circumstances in which DoH can be undesirable, namely:
  • Networks that have implemented some sort of filtering via the default DNS resolver. This can be used to implement parental controls or to block access to malicious websites.
  • Networks that respond to names that are private, and/or that provide different responses than are provided publicly. For example, a company may only expose the address of an application used by employees on their internal network.
Networks can signal to Firefox that there are special features such as these in place that would be disabled if DoH were used for domain name resolution. Checking for this signaling will be implemented in Firefox when DoH is enabled by default for users. This will first happen for users in the United States in the Fall of 2019. If a user has chosen to manually enable DoH, the signal from the network will be ignored and the user’s preference will be honored.

Network administrators may configure their networks as follows to signal that their local DNS resolver implemented special features that make the network unsuitable for DoH:

DNS queries for the A and AAAA records for the domain “use-application-dns.net” must respond with NXDOMAIN rather than the IP address retrieved from the authoritative nameserver.

The domain “use-application-dns.net” is referred to as a “canary domain”. Some existing DNS filtering providers already implement similar domains for users to verify that filtering is working. This new domain is different because it is meant to be implemented across many filtering solutions, and also checked by software such as Firefox, rather than checked explicitly by the user. This mechanism was created by Mozilla as an interim measure until a more permanent Internet standard for signaling the presence of DNS-based content filtering can be approved.
https://support.mozilla.org/en-US/kb/firefox-dns-over-https#w_risks wrote:Some individuals and organizations rely on DNS to block malware, enable parental controls, or filter your browser’s access to websites. When enabled, DoH bypasses your local DNS resolver and defeats these special policies. Firefox allows users (via settings) and organizations (via enterprise policies and a canary domain lookup) to disable DoH when it interferes with a preferred policy.
*Always* check the changelogs BEFORE updating that important software!
-
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Mozilla Firefox to force its own DNS?

Post by therube »

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 SeaMonkey/2.49.5
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Mozilla Firefox to force its own DNS?

Post by barbaz »

therube wrote: Wed Sep 11, 2019 3:53 pm google-unveils-dns-over-https-doh-plan-mozillas-faces-criticism
How does Chrome determine the user's DNS provider? And will that method be able to detect and respect a setup like I have, which is not conventionally used for filtering?
*Always* check the changelogs BEFORE updating that important software!
-
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Mozilla Firefox to force its own DNS?

Post by barbaz »

Firefox is starting to enable this by default - https://arstechnica.com/information-tec ... ping-isps/ :o
*Always* check the changelogs BEFORE updating that important software!
-
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Mozilla Firefox to force its own DNS?

Post by barbaz »

Now DNS-over-HTTPS being abused to obfuscate malware? - https://www.bleepingcomputer.com/news/s ... d-malware/
*Always* check the changelogs BEFORE updating that important software!
-
Post Reply