On Sun, Apr 12, 2020 at 01:34:07PM +0100, Tixy wrote: > On Sun, 2020-04-12 at 13:21 +0300, Reco wrote: > > On Sun, Apr 12, 2020 at 12:10:45PM +0200, tomas@tuxteam.de wrote: > > > That's why I cringe at the idea that browsers want to start doing > > > name resolution over HTTPS. > > > > This simple one line of dnsmasq configuration will disable this > > problematic feature for good for Firefox (basically it creates a > > bogus > > NXDOMAIN response for this particular site): > > > > local=/use-application-dns.net/ > > > > Technically, that doesn't disable it, just just disables any 'on by > default' DoH [1]. For individual users worried about this, it would be > simpler not to accept it when Firefox asks to enable it, or to disable > it it with a config option. [2] That would be needed to be done anyway > for mobile devices that can roam to different networks. > > [1] https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet > [2] https://support.mozilla.org/en-US/kb/firefox-dns-over-https Yep. That sounds less fragile. Thanks. Cheers -- t
Attachment:
signature.asc
Description: Digital signature