For those that use pihole for DNS level filtering, there was a pull
request merged 2 days ago to return an NXDOMAIN for this request.
https://github.com/pi-hole/pi-hole/pull/2915
On 2019-09-09 20:55, Andy Bradford wrote:
Thus said Michael Torrie on Mon, 09 Sep 2019 20:45:54 -0600:
I'm pretty sure that if Firefox is trying DoH and it fails for
whatever reason, it will fall back to normal DNS. On Slashdot several
folk talked about blocking the cloudfare dns servers' IP addresses.
Yes, according to their wiki, it will blacklist domains that fail to
resolve via DoH for a period of time and use normal DNS resolver.
Currently they are getting a lot of flack over this move to enable DoH
by default, so we'll have to see if they bow to pressure and reverse
this.
I've already changed network.trr.mode to 5 on all of my Firefox profiles
that I can at the moment.
There's one question I have... in the network.trr.confirmationNS there
is example.com---I wonder if I need to block this as well:
https://wiki.mozilla.org/Trusted_Recursive_Resolver
Of course, these are the current defaults and I wonder if I don't alter
the defaults if Mozilla will assume that it's alright to modify the
default and thus undo any blocking I might have made.
Andy
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
