I am replying in this thread with Firefox 140.3.1 ESR. My queries are going to my router/firewall.
Verify that about:config network.trr.mode is set to 5.
If one has control over their local DNS they can also create a local record, example in Unbound DNS. Some applications will query this to see if DoH is permitted in the network.
If that does not work create a startup script that will loop through all the common DoH providers and blackhole route them. Some may say that DoH could be on any CDN node but that is not the case. The DoH providers use static addresses and in some cases vanity IP addresses. [1] using this entire data-set is unnessecary as Firefox has only ever used Cloudflare and Google in the past.
for OpenRes in $(grep -Ev ^# /usr/local/etc/_open_resolvers.txt);do /sbin/ip route add blackhole "${OpenRes}" 2>/dev/null;done
If using Unbound DNS enable logging of query responses to a tmpfs mount and ensure log rotation keeps the usage small and sends the compressed rotated files to the disk. Query logs can help verify requests are being processed by local DNS.
log-queries: no
log-replies: yes
log-servfail: yes
Thx! And seems that `use-application-dns.net` works for me. But I will still consider replacing Firefox, because this behavior, which is inconsistent with the settings, is unacceptable to me. However, I'm glad I learned a new thing, thx again :)
Bender•3h ago
No problem. I've never see Firefox exhibit this behavior. Out of curiosity have you started in safe mode disabling all the addons and does it still do this?
fernvenue•3h ago
Hi, I just tried safe mode, and still the same :)
Bender•3h ago
Interesting. If network.trr.mode is set to 5 this should not be occurring. If there is no plan to use FF again then I suppose submitting a bug would be a waste of time. Perhaps others will run into whatever condition is causing this behavior or perhaps it would happen on mine and my blackhole routes are breaking it.
fernvenue•3h ago
Yep, that `network.trr.mode` is `5`, just confirmed. I'm considering Zen now.
Bender•3h ago
Verify that about:config network.trr.mode is set to 5.
If one has control over their local DNS they can also create a local record, example in Unbound DNS. Some applications will query this to see if DoH is permitted in the network.
If that does not work create a startup script that will loop through all the common DoH providers and blackhole route them. Some may say that DoH could be on any CDN node but that is not the case. The DoH providers use static addresses and in some cases vanity IP addresses. [1] using this entire data-set is unnessecary as Firefox has only ever used Cloudflare and Google in the past. If using Unbound DNS enable logging of query responses to a tmpfs mount and ensure log rotation keeps the usage small and sends the compressed rotated files to the disk. Query logs can help verify requests are being processed by local DNS. [1] - https://github.com/dibdot/DoH-IP-blocklistsfernvenue•3h ago
Bender•3h ago
fernvenue•3h ago
Bender•3h ago
fernvenue•3h ago