Page 2 of 2

Re: Mozilla Firefox to force its own DNS?

Posted: Wed Apr 11, 2018 8:35 pm
by GµårÐïåñ
My takeaway is that he prefers people use the other projects that now he is also relying on as anything he does to "update" his end will just be a bandaid, as in why not just use what the underlying system directly instead. That's all. He seems to prefer the more actively maintained projects as a source point. Whether or not they meet your needs, a la router implementations, are beyond the scope of my inquiry or involvement to find out. You can refer to the repositories listed, I believe the main one being SimpleDNSCrypt and go from there.

Re: Mozilla Firefox to force its own DNS?

Posted: Wed Apr 11, 2018 8:56 pm
by kukla
Looks like I should probably contact him directly to ask about the current state of his DNSCrypt. Doesn't look like I can use the "simple" version (writing it this way because the real name kicks off the overly sensitive anti-spam filter.)

Shouldn't need to reference this thread, but if I do is that OK with you? And/or can I just chime in directly at the thread you linked?

Btw, he seems to be a genuine advocate of privacy.

Re: Mozilla Firefox to force its own DNS?

Posted: Wed Apr 11, 2018 10:25 pm
by GµårÐïåñ
It is always fine with me. What I say publicly is always fair game.
You can pickup on that existing conversation, that would help me stay informed but that's entirely up to you.
I have no reason to doubt his intentions are sincere and his efforts are genuine.

Re: Mozilla Firefox to force its own DNS?

Posted: Sun Apr 22, 2018 3:15 pm
by kukla
Sorry, a little late getting back to this, but for the benefit of anyone who was concerned about whether to use, or continue to use, DNSCrypt.eu for DNS resolution. The site may have been left to languish, but the service itself is still supported:

Image

Re: Mozilla Firefox to force its own DNS?

Posted: Fri Oct 19, 2018 6:02 pm
by barbaz
Back to Firefox using its own DNS, I happened on instructions for how to disable it -
https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/ wrote:1] Type about:config in the location bar

2] Search for network.trr (TRR stands for Trusted Recursive Resolver – it is the DoH Endpoint used by Firefox.)

3] Change network.trr.mode to [...] 5 to disable DoH under all circumstances.)
Some more information on the possible values of that pref -
https://dxr.mozilla.org/mozilla-central/rev/c291143e24019097d087f9307e59b49facaf90cb/modules/libpref/init/all.js#5414 wrote:// 0 - default off, 1 - race, 2 TRR first, 3 TRR only, 4 shadow, 5 off by choice

Re: Mozilla Firefox to force its own DNS?

Posted: Fri Oct 19, 2018 7:06 pm
by GµårÐïåñ
Has anyone noticed how much and how aggressively Mozilla has been going the was of Google tracking everything and Microsoft getting tons of telemetry and doing all kind of Facebook like experiments on their users and often without notice. Most of them you can disable, but they shouldn't be on by default, it should always be opt-in not opt-out and some of it you outright can't do squat about. They are trying too hard to be like everyone else while always using "security of our users" as a justification to do exactly what others do with no proof that they are doing any less with it than they are. This just further feeds into that scheme.

Re: Mozilla Firefox to force its own DNS?

Posted: Fri Oct 19, 2018 7:28 pm
by therube
Yes.
IMO they're following MS's playbook to a T.

Look around these parts.
I've posted some rants of late about Mozilla ;-).


Palemoon: Is Mozilla's new DNS feature really dangerous?

Re: Mozilla Firefox to force its own DNS?

Posted: Tue Apr 30, 2019 4:18 pm
by barbaz
Looks like Waterfox will be following Mozilla down this rabbit hole - https://www.reddit.com/r/waterfox/comme ... s/em3a289/ :(

I was expecting this would be removed from Waterfox. Hopefully Alex understands why an "ethical, user-oriented browser" that includes this feature *must* completely disable this by default and cannot be enabled without EXPLICIT user choice interaction.

Re: Mozilla Firefox to force its own DNS?

Posted: Sat Sep 07, 2019 9:44 pm
by barbaz
Looks like Mozilla is trying to address my big concerns about this -
https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https wrote: While we would like to encourage everyone to use DoH, we also recognize that there are a few circumstances in which DoH can be undesirable, namely:
  • Networks that have implemented some sort of filtering via the default DNS resolver. This can be used to implement parental controls or to block access to malicious websites.
  • Networks that respond to names that are private, and/or that provide different responses than are provided publicly. For example, a company may only expose the address of an application used by employees on their internal network.
Networks can signal to Firefox that there are special features such as these in place that would be disabled if DoH were used for domain name resolution. Checking for this signaling will be implemented in Firefox when DoH is enabled by default for users. This will first happen for users in the United States in the Fall of 2019. If a user has chosen to manually enable DoH, the signal from the network will be ignored and the user’s preference will be honored.

Network administrators may configure their networks as follows to signal that their local DNS resolver implemented special features that make the network unsuitable for DoH:

DNS queries for the A and AAAA records for the domain “use-application-dns.net” must respond with NXDOMAIN rather than the IP address retrieved from the authoritative nameserver.

The domain “use-application-dns.net” is referred to as a “canary domain”. Some existing DNS filtering providers already implement similar domains for users to verify that filtering is working. This new domain is different because it is meant to be implemented across many filtering solutions, and also checked by software such as Firefox, rather than checked explicitly by the user. This mechanism was created by Mozilla as an interim measure until a more permanent Internet standard for signaling the presence of DNS-based content filtering can be approved.
https://support.mozilla.org/en-US/kb/firefox-dns-over-https#w_risks wrote:Some individuals and organizations rely on DNS to block malware, enable parental controls, or filter your browser’s access to websites. When enabled, DoH bypasses your local DNS resolver and defeats these special policies. Firefox allows users (via settings) and organizations (via enterprise policies and a canary domain lookup) to disable DoH when it interferes with a preferred policy.

Re: Mozilla Firefox to force its own DNS?

Posted: Wed Sep 11, 2019 3:53 pm
by therube

Re: Mozilla Firefox to force its own DNS?

Posted: Wed Sep 11, 2019 5:00 pm
by barbaz
therube wrote: Wed Sep 11, 2019 3:53 pm google-unveils-dns-over-https-doh-plan-mozillas-faces-criticism
How does Chrome determine the user's DNS provider? And will that method be able to detect and respect a setup like I have, which is not conventionally used for filtering?

Re: Mozilla Firefox to force its own DNS?

Posted: Wed Feb 26, 2020 2:24 pm
by barbaz
Firefox is starting to enable this by default - https://arstechnica.com/information-tec ... ping-isps/ :o

Re: Mozilla Firefox to force its own DNS?

Posted: Wed Sep 02, 2020 10:56 pm
by barbaz
Now DNS-over-HTTPS being abused to obfuscate malware? - https://www.bleepingcomputer.com/news/s ... d-malware/