{"id":22406,"date":"2018-08-08T16:55:07","date_gmt":"2018-08-08T20:55:07","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=22406"},"modified":"2018-08-08T18:56:51","modified_gmt":"2018-08-08T22:56:51","slug":"forefoxs-new-dns-resolution","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2018\/08\/08\/forefoxs-new-dns-resolution\/","title":{"rendered":"Firefox&rsquo;s New DNS Resolution"},"content":{"rendered":"<p><a href=\"https:\/\/blog.ungleich.ch\/en-us\/cms\/blog\/2018\/08\/04\/mozillas-new-dns-resolution-is-dangerous\/\">ungleich<\/a> (via <a href=\"https:\/\/twitter.com\/rgriff\/status\/1026773082873192448\">Rob Griffiths<\/a>, <a href=\"https:\/\/news.ycombinator.com\/item?id=17690534\">Hacker News<\/a>):<\/p>\n<blockquote cite=\"https:\/\/blog.ungleich.ch\/en-us\/cms\/blog\/2018\/08\/04\/mozillas-new-dns-resolution-is-dangerous\/\"><p>With their next patch Mozilla will introduce two new features to their Firefox browser they call &ldquo;DNS over HTTPs&rdquo; (DoH) and Trusted Recursive Resolver (TRR). In this article we want to talk especially about the TRR.<\/p><p>[&#8230;]<\/p><p>When Mozilla turns this on by default, the DNS changes you configured in your network won&rsquo;t have any effect anymore. At least for browsing with Firefox, because Mozilla has partnered up with Cloudflare, and will resolve the domain names from the application itself via a DNS server from Cloudflare based in the United States. Cloudflare will then be able to read everyone&rsquo;s DNS requests.<\/p><\/blockquote>\n\n<p><a href=\"https:\/\/blog.nightly.mozilla.org\/2018\/06\/01\/improving-dns-privacy-in-firefox\/\">Patrick McManus<\/a>:<\/p>\n<blockquote cite=\"https:\/\/blog.nightly.mozilla.org\/2018\/06\/01\/improving-dns-privacy-in-firefox\/\"><p>While sophisticated users can turn to cloud-based &ldquo;open resolvers&rdquo; that offer better privacy controls than what is available by default from most internet service providers (ISPs), these resolvers rely on the same old unencrypted protocols so ISPs can often intercept data anyway.<\/p><p>Our first effort to upgrade the privacy of DNS is to implement the DNS over HTTPS (DoH) protocol, which encrypts DNS requests and responses.  See <a href=\"https:\/\/hacks.mozilla.org\/2018\/05\/a-cartoon-intro-to-dns-over-https\/\">Lin Clark&rsquo;s terrific explainer<\/a> about how DNS over HTTPS can really improve the state of the art.<\/p><p>[&#8230;]<\/p><p>Firefox does not yet use DoH by default.<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>ungleich (via Rob Griffiths, Hacker News): With their next patch Mozilla will introduce two new features to their Firefox browser they call &ldquo;DNS over HTTPs&rdquo; (DoH) and Trusted Recursive Resolver (TRR). In this article we want to talk especially about the TRR.[&#8230;]When Mozilla turns this on by default, the DNS changes you configured in your [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2018-08-08T22:56:54Z","apple_news_api_id":"50df4bb6-55f5-4f96-9757-950781e3a24d","apple_news_api_modified_at":"2018-08-08T22:56:55Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAA==","apple_news_api_share_url":"https:\/\/apple.news\/AUN9LtlX1T5aXV5UHgeOiTQ","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[],"tags":[1485,728,279,30,32,1529,410,355,96],"class_list":["post-22406","post","type-post","status-publish","format-standard","hentry","tag-cloudflare","tag-domain-name-system-dns","tag-firefox","tag-mac","tag-macapp","tag-macos-10-13","tag-mozilla","tag-privacy","tag-web"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/22406","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=22406"}],"version-history":[{"count":2,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/22406\/revisions"}],"predecessor-version":[{"id":22411,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/22406\/revisions\/22411"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=22406"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=22406"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=22406"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}