Firefox directs by default DoH queries to Cloudflare

[miroco]

I came across this discussion and I wonder if or how this change to Mozilla/Firefox could impact on OPNsense?

https://support.mozilla.org/en-US/kb/firefox-dns-over-https

"In the US, Firefox by default directs DoH queries to DNS servers that are operated by CloudFlare, meaning that CloudFlare has the ability to see users' queries."

Disabling Firefox's automatic switch to DoH
https://www.snbforums.com/threads/disabling-firefoxs-automatic-switch-to-doh.58910/

[mimugmail]

Or just block these IP addresses in OPNsense :)

[fabian]

DoH may break internal hostname resolutions and DNS based adblocking. Everything else should not be impacted.

You can use other providers as well but cloud flare is the default.

Encrypted DNS (DoT and DoH) together with TLS 1.3 (ESNI) will be very likely a powerful privacy protection mechanism.

[miroco]

Thank you both.

I'm just curious as to why, Merlin the developer of Asuswrt-Merlin, would go to such length, as to contemplating a switch in his firmware to "Block Firefox automatic DoH usage"?