OPNsense Forum

English Forums => General Discussion => Topic started by: miroco on September 11, 2019, 10:15:29 pm

Title: Firefox directs by default DoH queries to Cloudflare
Post by: miroco on September 11, 2019, 10:15:29 pm

I came across this discussion and I wonder if or how this change to Mozilla/Firefox could impact on OPNsense?

https://support.mozilla.org/en-US/kb/firefox-dns-over-https

"In the US, Firefox by default directs DoH queries to DNS servers that are operated by CloudFlare, meaning that CloudFlare has the ability to see users' queries."

Disabling Firefox's automatic switch to DoH
https://www.snbforums.com/threads/disabling-firefoxs-automatic-switch-to-doh.58910/

Title: Re: Firefox directs by default DoH queries to Cloudflare
Post by: mimugmail on September 11, 2019, 10:48:03 pm

Or just block these IP addresses in OPNsense :)

Title: Re: Firefox directs by default DoH queries to Cloudflare
Post by: fabian on September 11, 2019, 10:53:01 pm

DoH may break internal hostname resolutions and DNS based adblocking. Everything else should not be impacted.

You can use other providers as well but cloud flare is the default.

Encrypted DNS (DoT and DoH) together with TLS 1.3 (ESNI) will be very likely a powerful privacy protection mechanism.

Title: Re: Firefox directs by default DoH queries to Cloudflare
Post by: miroco on September 11, 2019, 11:08:42 pm

Thank you both.

I'm just curious as to why, Merlin the developer of Asuswrt-Merlin, would go to such length, as to contemplating a switch in his firmware to "Block Firefox automatic DoH usage"?