On 9/9/19 8:41 PM, Andy Bradford wrote:
> Thus said Michael Torrie on Mon, 09 Sep 2019 20:22:38 -0600:
>
>> Individual users can turn it off or on in preferences, or they can go
>> into about:config and change "network.trr.mode" to "5." Why Mozilla
>> didn't make this opt-in I don't know.
>
> Indeed. So when I browse to
>
> Options->General->Network Settings->Settings
>
> I see a checkbox labeled "Enable DNS over HTTPS". It is not currently
> checked, and it has a default DoH setting (greyed out) of:
>
> https://mozilla.cloudflare-dns.com/dns-query
>
> I wonder what the implications would be if I also hijack
> mozilla.cloudflare-dns.com on my DNS resolvers... I'm going to find out.

I'm pretty sure that if Firefox is trying DoH and it fails for whatever
reason, it will fall back to normal DNS. On Slashdot several folk talked
about blocking the Cloudflare DNS servers' IP addresses. Knowing some of
the strange things they've done, I could totally see them throwing up a
warning to the user if it ever falls back to normal DNS saying something
like "warning, your name resolver is untrustworthy."

Currently they are getting a lot of flak over this move to enable DoH by
default, so we'll have to see if they bow to pressure and reverse this.

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
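
For admins who want to check what a given Firefox profile is actually set to, here is a small audit script for the two prefs discussed in this thread. It is an added example, not part of the original messages or Mozilla's code; the thread only mentions mode 5, the other mode meanings follow Mozilla's TRR documentation, and the sample prefs.js contents are constructed.

```python
import re

# network.trr.mode values per Mozilla's TRR (DoH) documentation.
# Tuple: (description, DoH in use, system resolver still used)
TRR_MODES = {
    0: ("off (browser default)", False, True),
    1: ("reserved, formerly 'race'", False, True),
    2: ("DoH first, native DNS on failure", True, True),
    3: ("DoH only, no fallback", True, False),
    4: ("reserved, formerly 'shadow'", False, True),
    5: ("off by explicit choice", False, True),
}
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Parse user_pref("name", value); lines; a later line overrides an earlier one."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw  # keep odd values visible to the auditor
    return prefs

def audit_doh(text):
    """Report the DoH state implied by the prefs text of one profile."""
    prefs = parse_prefs(text)
    mode = prefs.get("network.trr.mode", 0)  # unset means mode 0
    desc, doh, system = TRR_MODES.get(mode, ("unknown mode value", None, None))
    return {"mode": mode, "description": desc, "doh_in_use": doh,
            "system_resolver_used": system, "resolver": prefs.get("network.trr.uri")}

# Constructed sample profile contents (not taken from a real machine).
SAMPLE_PREFS = '''\
// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
'''
SAMPLE_OPTED_OUT = SAMPLE_PREFS + 'user_pref("network.trr.mode", 5);\n'

if __name__ == "__main__":
    for label, text in (("DoH enabled", SAMPLE_PREFS), ("opted out", SAMPLE_OPTED_OUT)):
        print(label, audit_doh(text))
```

Mode 2 is the fall-back-to-normal-DNS behaviour mentioned above; a profile at mode 3 would stop resolving names if the DoH endpoint were blocked.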