DOH potential security risk message

  • 15 replies
  • 1 has this problem
  • 1 view
  • Last reply by Mace2

more options

When trying DNS over HTTPS in a network that uses Google's DNS 8.8.8.8 and 8.8.4.4, I configured FF as follows:

set network.trr.mode=3
set network.trr.bootstrapAddress=8.8.8.8
set network.trr.uri=https://dns.google/dns-query

Then I went to https://1.1.1.1/help, knowing full well that I am using Google's DOH and not Cloudflare, expecting the Cloudflare web site to tell me I am not using their services, with results being all negative.

Instead FF reported "Warning potential security problem ahead". See enclosed. If I am using Google's DOH values and I go to a Cloudflare site, why would FF flag the site as a security risk? Keeping in mind FF appears to be working for other sites in the DOH configuration for Google with no visible problems.

All replies (15)

more options

Can you click the Advanced button for more information about why the certificate verification failed?

more options

1.1.1.1 would normally redirect you to a server in your vicinity using anycast, so there might be a domain mismatch for the certificate after the redirect.

more options

The certificate failed because it was not HTTPS, so the connection was not secure. But strangely I was not able to connect using the Cloudflare DOH value, only with Google's DOH value shown on this web site: "https://github.com/curl/curl/wiki/DNS-over-HTTPS#publicly-available-servers"

more options

Those settings are working:

about:config?filter=network.trr

network.trr.bootstrapAddress > 8.8.8.8
network.trr.confirmationNS > dns.google
network.trr.credentials > dns.google
network.trr.disable-ECS > false
network.trr.early-AAAA > true
network.trr.mode > 3
network.trr.uri > https://dns.google.com/experimental

After setting these, restart Firefox and enjoy :)

more options

I have already stated the settings I used. I have already stated that Google DOH worked.

Why does Cloudflare, the default used by FF, not work?

more options

Again, please click on Advanced on the error page to see what the error code is and possibly inspect the failing certificate...

more options

You don't seem to understand. No certificate was obtained, as shown in my enclosure.

Why would the Cloudflare site be blocked and not Google? Why is it I could not get through to Cloudflare when Google DOH was working?

more options

Hi Mace2, on the error page, there is an Advanced button -- the gray one next to the large blue one. That Advanced button opens a panel with more technical information about the problem. I don't think you can diagnose the issue without that.

more options

Enclosed is the Advanced tab. Keep in mind the Google DOH values are set and work. But the Cloudflare web site 1.1.1.1/help did not work.

more options

I'm looking at the domains of the certificate provided to Firefox in your screenshot and I wonder whether your service provider may not permit IP address URLs, or at least this one. Otherwise, why would that certificate be showing up?
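
Added example (not part of the thread or of any poster's reply): the name check applied when the URL host is an IP literal such as 1.1.1.1, so the names in a presented certificate can be compared against the host that was requested. The SAN lists are constructed samples in the shape returned by Python's `ssl` `getpeercert()["subjectAltName"]`; the function names and the `.example` hostnames are assumptions.

```python
import ipaddress

def _dns_match(host, pattern):
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        # A wildcard covers exactly one left-most label.
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return host == pattern

def host_matches_cert(host, subject_alt_names):
    """Return (matched, names_presented) for a URL host against a SAN list."""
    try:
        want_ip = ipaddress.ip_address(host)
    except ValueError:
        want_ip = None  # host is a DNS name, not an IP literal
    presented = [value for _kind, value in subject_alt_names]
    for kind, value in subject_alt_names:
        if want_ip is not None:
            # IP-literal URL: only an "IP Address" SAN entry can match;
            # a DNS entry never satisfies it, even if it looks like an IP.
            if kind == "IP Address" and ipaddress.ip_address(value) == want_ip:
                return True, presented
        elif kind == "DNS" and _dns_match(host, value):
            return True, presented
    return False, presented

def diagnose(host, subject_alt_names):
    ok, presented = host_matches_cert(host, subject_alt_names)
    if ok:
        return "match: certificate covers " + host
    return ("mismatch: certificate is for " + ", ".join(presented) +
            "; something other than " + host + " answered the connection")

# Constructed sample: a certificate that lists the requested IP address.
SAMPLE_EXPECTED = (("DNS", "resolver.example"), ("IP Address", "1.1.1.1"),
                   ("IP Address", "1.0.0.1"))
# Constructed sample: a certificate a filtering device might present instead.
SAMPLE_FILTER = (("DNS", "filter.library.example"), ("DNS", "*.library.example"))

if __name__ == "__main__":
    print(diagnose("1.1.1.1", SAMPLE_EXPECTED))
    print(diagnose("1.1.1.1", SAMPLE_FILTER))
```

A mismatch on one network and a match on another for the same URL points at the network path rather than at the browser's DOH settings.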

more options

Chosen solution

The network is a library in Canada, Toronto area. I didn't believe that the library would filter a specific 1.1.1.1 address and not other DOH sites. But it appears that is the case, because I tried another device on that network and then I tried it on another public network and it worked.

I will have to put this question to the Library as to why the filter? Not that I expect an answer.

more options

Do you think they filter 1.1.1.1 in particular, or filter IP address URLs in general?

more options

I think a greater question is why Cloudflare DOH was filtered over Google DOH.

more options

So if you aren't using DOH you can access https://1.1.1.1/help on that same network?

more options

I am using DOH. I am using Google's DOH server. The library is filtering only Cloudflare DOH.

The configuration network.trr.mode=3 ensures only DOH is being used.