Die Funktionalität dieser Website ist durch Wartungsarbeiten eingeschränkt, die Ihr Erlebnis verbessern sollen. Wenn ein Artikel Ihr Problem nicht löst und Sie eine Frage stellen möchten, können Sie unsere Gemeinschaft über @FirefoxSupport auf Twitter, /r/firefox oder Reddit fragen.

Hilfe durchsuchen

Vorsicht vor Support-Betrug: Wir fordern Sie niemals auf, eine Telefonnummer anzurufen, eine SMS an eine Telefonnummer zu senden oder persönliche Daten preiszugeben. Bitte melden Sie verdächtige Aktivitäten über die Funktion „Missbrauch melden“.

Weitere Informationen

Firefox on macOS not using default DNS resolver with DoH disabled

  • 4 Antworten
  • 0 haben dieses Problem
  • 1 Aufruf
  • Letzte Antwort von ben184

more options

Firefox does not appear to be using my Mac's default DNS resolver when DNS over HTTPS is disabled. Here is my setup:

- I'm using Firefox 124.0.2 on macOS Sonoma 14.4.1. - DNS over HTTPS is set to Off in Firefox. - My Mac is configured to use a DNS server that blocks some domains, such as facebook.com. I have confirmed that this is working correctly by using the dig tool on the commandline: "dig facebook.com" receives a "status: REFUSED" response with an empty A record. - When I navigate to facebook.com or other domains that should be blocked in Firefox, they are resolved. My expectation is that they should fail to load and a DNS error should be displayed.

What I've tried:

- Confirmed via GUI and about:config that DNS over HTTPS is completely disabled in Firefox. - Cleared Firefox DNS cache via about:networking. - Confirmed every way I know how that macOS is configured to use my custom DNS resolver and that the resolver is refusing queries for the specific domains I expect to be blocked.

I'd be grateful for any suggestions anyone can provide.

Firefox does not appear to be using my Mac's default DNS resolver when DNS over HTTPS is disabled. Here is my setup: - I'm using Firefox 124.0.2 on macOS Sonoma 14.4.1. - DNS over HTTPS is set to Off in Firefox. - My Mac is configured to use a DNS server that blocks some domains, such as facebook.com. I have confirmed that this is working correctly by using the dig tool on the commandline: "dig facebook.com" receives a "status: REFUSED" response with an empty A record. - When I navigate to facebook.com or other domains that should be blocked in Firefox, they are resolved. My expectation is that they should fail to load and a DNS error should be displayed. What I've tried: - Confirmed via GUI and about:config that DNS over HTTPS is completely disabled in Firefox. - Cleared Firefox DNS cache via about:networking. - Confirmed every way I know how that macOS is configured to use my custom DNS resolver and that the resolver is refusing queries for the specific domains I expect to be blocked. I'd be grateful for any suggestions anyone can provide.

Ausgewählte Lösung

Thanks for your response, jscher2000. I actually had the exact same train of thought and tried the HTTP logging feature. However, it turns out that this is not a Firefox problem, but rather a misunderstanding on my part regarding Apple's iCloud Private Relay Feature. Firefox works as expected if I disable iCloud Private Relay and clear my machine's DNS cache.

I had mistakenly believed that iCloud Private Relay would only be used for DNS in Safari and other Apple-developed, Private-Relay-enabled apps. Thus, my assumption was that if I kept Private Relay enabled, cleared the machine's DNS cache, and then immediately requested a site in Firefox, my configured DNS server would be used. However, it appears that the Private Relay DNS system is still used to perform the DNS lookup in that scenario.

Diese Antwort im Kontext lesen 👍 0

Alle Antworten (4)

more options

ben184 said

macOS is configured to use my custom DNS resolver

Support for platform-specific DNS APIs is currently being worked on in Nightly (Bug 1852752). The setting for this is network.dns.native_https_query in about:config.

more options

Thank you for your response. If I'm understanding that Bugzilla ticket that Bugzilla ticket correctly, it specifically relates to the task of resolving the "HTTPS" resource record type (as opposed to the "A" type, "AAAA" type, and so forth) without DoH. That seems like a different problem from what I'm experiencing.

My problem is that Firefox is not using my network connection's configured DNS server for basic A record resolution. Firefox does work as expected on a Windows machine on the same network.

Geändert am von ben184

more options

Hmm, I'm trying to figure out whether Firefox shows which DNS server it is using when it is NOT using DNS over HTTPS. (I'm not seeing it on about:networking#dns or about:networking#dnslookuptool. I don't see it in the log created according to https://developer.mozilla.org/docs/Mozilla/Debugging/HTTP_logging.)

I assume your Firefox is not using a proxy server or VPN, which might bypass system resolution.

more options

Ausgewählte Lösung

Thanks for your response, jscher2000. I actually had the exact same train of thought and tried the HTTP logging feature. However, it turns out that this is not a Firefox problem, but rather a misunderstanding on my part regarding Apple's iCloud Private Relay Feature. Firefox works as expected if I disable iCloud Private Relay and clear my machine's DNS cache.

I had mistakenly believed that iCloud Private Relay would only be used for DNS in Safari and other Apple-developed, Private-Relay-enabled apps. Thus, my assumption was that if I kept Private Relay enabled, cleared the machine's DNS cache, and then immediately requested a site in Firefox, my configured DNS server would be used. However, it appears that the Private Relay DNS system is still used to perform the DNS lookup in that scenario.