Firefox’s New DNS Resolution
ungleich (via Rob Griffiths, Hacker News):
With their next patch Mozilla will introduce two new features to their Firefox browser they call “DNS over HTTPs” (DoH) and Trusted Recursive Resolver (TRR). In this article we want to talk especially about the TRR.
[…]
When Mozilla turns this on by default, the DNS changes you configured in your network won’t have any effect anymore. At least for browsing with Firefox, because Mozilla has partnered up with Cloudflare, and will resolve the domain names from the application itself via a DNS server from Cloudflare based in the United States. Cloudflare will then be able to read everyone’s DNS requests.
While sophisticated users can turn to cloud-based “open resolvers” that offer better privacy controls than what is available by default from most internet service providers (ISPs), these resolvers rely on the same old unencrypted protocols so ISPs can often intercept data anyway.
Our first effort to upgrade the privacy of DNS is to implement the DNS over HTTPS (DoH) protocol, which encrypts DNS requests and responses. See Lin Clark’s terrific explainer about how DNS over HTTPS can really improve the state of the art.
[…]
Firefox does not yet use DoH by default.
2 Comments RSS · Twitter
I wonder, how does it handle host names that aren’t in the public DNS? Seems like this could break some corporate, school, and VPN scenarios.
Having my browser ignoring my DNS settings is a no go for me. If it can’t be simply disable I will just stop using and recommend Firefox.