Om de ûnderfining foar jo te ferbetterjen is tydlik de funksjonaliteit dan dizze website troch ûnderhâldswurk beheind. Wannear in artikel jo probleem net oplost en jo in fraach stelle wolle, kin ús stipemienskip jo helpe yn @FirefoxSupport op Twitter en /r/firefox op Reddit.

Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

Dizze konversaasje is argivearre. Stel in nije fraach as jo help nedich hawwe.

DNS over https not working properly

  • 4 antwurd
  • 1 hat dit probleem
  • 4 werjeftes
  • Lêste antwurd fan Andrew P

more options

My UK ISP has a 'Site Safe' feature that is set at the ISP end, to block malicious websites. When I

enable this setting, and specifically enable DoH under Options, a DNS leak test shows that my ISP is my DNS provider. disable this setting, and specifically enable DoH under Options, a DNS leak test shows that Cloudflare is my DNS provider.

Shouldn't DoH work all the time, if I specifically enable DoH under Options? Otherwise bad actor sites could do the same thing as my ISP, and I would think I'm protected, but in reality, I'm not and exposing my DNS traffic?

My UK ISP has a 'Site Safe' feature that is set at the ISP end, to block malicious websites. When I enable this setting, and specifically enable DoH under Options, a DNS leak test shows that my ISP is my DNS provider. disable this setting, and specifically enable DoH under Options, a DNS leak test shows that Cloudflare is my DNS provider. Shouldn't DoH work all the time, if I specifically enable DoH under Options? Otherwise bad actor sites could do the same thing as my ISP, and I would think I'm protected, but in reality, I'm not and exposing my DNS traffic?

Alle antwurden (4)

more options

You can enable or disable DoH in your Firefox connection settings:

  *Click the menu button Fx57Menu and select Options.
  *In the General panel, scroll down to Network Settings and click the Settings… button.
  *In the dialog box that opens, scroll down to Enable DNS over HTTPS.
       On: Select the Enable DNS over HTTPS checkbox. Select a provider or set up a custom provider.
       Off: Deselect the Enable DNS over HTTPS checkbox. 
  *Click OK to save your changes and close the window.
more options

This is not what I'm asking. Feel free to re-read the original.

more options

Andrew P said

My UK ISP has a 'Site Safe' feature that is set at the ISP end, to block malicious websites. Shouldn't DoH work all the time, if I specifically enable DoH under Options? Otherwise bad actor sites could do the same thing as my ISP, and I would think I'm protected, but in reality, I'm not and exposing my DNS traffic?

In my private opinion, you're right. But DoH is breaking this 'Site Safe' feature, all UK ISPs have named Mozilla the Villain Of The Year (you know, our children are no longer safe), so Moz has decided to change the way it works.

For domains that are excluded from TRR or when parental control is enabled, we fallback to NativeLookup. This happens even in MODE_TRRONLY. By default localhost and local are excluded (so we cover *.local hosts).

To change it back, go to about:config and set network.dns.skipTRR-when-parental-control-enabled = false. See also the network.trr.excluded-domains pref.

See:

more options

Thanks for your reply. Very helpful.

I did try to set the value to 'false' and it didn't work (DNS still shows resolver is set to ISP's resolver) but I'm guessing this setting only refers to Mozilla's implementation of parental controls (about:safe)?

I didn't change any other value and for ref: network.trr.mode showed as 2.

As such, it would be useful to have some sort to indicator on the UI, so that if DoH is set by the user, a graphic shows whether a users DNS traffic is being directed properly.