Thus said Michael Torrie on Mon, 09 Sep 2019 20:45:54 -0600: > I'm pretty sure that if Firefox is trying DoH and it fails for > whatever reason, it will fall back to normal DNS. On Slashdot several > folk talked about blocking the cloudfare dns servers' IP addresses.
Yes, according to their wiki, it will blacklist domains that fail to resolve via DoH for a period of time and use normal DNS resolver. > Currently they are getting a lot of flack over this move to enable DoH > by default, so we'll have to see if they bow to pressure and reverse > this. I've already changed network.trr.mode to 5 on all of my Firefox profiles that I can at the moment. There's one question I have... in the network.trr.confirmationNS there is example.com---I wonder if I need to block this as well: https://wiki.mozilla.org/Trusted_Recursive_Resolver Of course, these are the current defaults and I wonder if I don't alter the defaults if Mozilla will assume that it's alright to modify the default and thus undo any blocking I might have made. Andy -- TAI64 timestamp: 400000005d7710b5 /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
