Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Firefox DNS over HTTPS (DoH) default disable

    Scheduled Pinned Locked Moved DHCP and DNS
    3 Posts 2 Posters 740 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      Koent
      last edited by

      Hello,

      Firefox is now actively rolling out DoH by default. There is a way to disable this, although a user can override.
      Does anyone knows how to do this in unbound please?

      Thanks.

      https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet

      To signal that their local DNS resolver implements special features that make the network unsuitable for DoH, network administrators may configure their networks to modify DNS requests for the following special-purpose domain called a canary domain: use-application-dns.net.

      Firefox will attempt to resolve this domain using the DNS server(s) configured in the operating system of the device, and examine the result. The result will be considered negative if:

      A response code other than NOERROR is returned, such as NXDOMAIN (non-existent domain) or SERVFAIL
      A NOERROR response code is returned, but contains neither A nor AAAA records
      The result will be considered positive if:

      The query completes with NOERROR and contains A or AAAA records (or both)
      A negative result will be a signal to disable application DNS, i.e. DoH.

      The use of this domain is specified by Mozilla, as a limited-time measure until a method for signaling the presence of DNS-based content filtering is defined and adopted by an Internet standards body.

      1 Reply Last reply Reply Quote 0
      • kiokomanK
        kiokoman LAYER 8
        last edited by kiokoman

        https://forum.netgate.com/topic/133679/heads-up-be-aware-of-trusted-recursive-resolver-trr-in-firefox/39

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

        1 Reply Last reply Reply Quote 1
        • K
          Koent
          last edited by

          There is always one who is late to the party. Sorry.
          I suppose the MODS can delete this posts.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.