I am replying in this thread with Firefox 140.3.1 ESR. My queries are going to my router/firewall.
Verify that about:config network.trr.mode is set to 5.
If one has control over their local DNS they can also create a local record, example in Unbound DNS. Some applications will query this to see if DoH is permitted in the network.
If that does not work create a startup script that will loop through all the common DoH providers and blackhole route them. Some may say that DoH could be on any CDN node but that is not the case. The DoH providers use static addresses and in some cases vanity IP addresses. [1] using this entire data-set is unnessecary as Firefox has only ever used Cloudflare and Google in the past.
for OpenRes in $(grep -Ev ^# /usr/local/etc/_open_resolvers.txt);do /sbin/ip route add blackhole "${OpenRes}" 2>/dev/null;done
If using Unbound DNS enable logging of query responses to a tmpfs mount and ensure log rotation keeps the usage small and sends the compressed rotated files to the disk. Query logs can help verify requests are being processed by local DNS.
log-queries: no
log-replies: yes
log-servfail: yes
Thx! And seems that `use-application-dns.net` works for me. But I will still consider replacing Firefox, because this behavior, which is inconsistent with the settings, is unacceptable to me. However, I'm glad I learned a new thing, thx again :)
Bender|4 months ago
Verify that about:config network.trr.mode is set to 5.
If one has control over their local DNS they can also create a local record, example in Unbound DNS. Some applications will query this to see if DoH is permitted in the network.
If that does not work create a startup script that will loop through all the common DoH providers and blackhole route them. Some may say that DoH could be on any CDN node but that is not the case. The DoH providers use static addresses and in some cases vanity IP addresses. [1] using this entire data-set is unnessecary as Firefox has only ever used Cloudflare and Google in the past. If using Unbound DNS enable logging of query responses to a tmpfs mount and ensure log rotation keeps the usage small and sends the compressed rotated files to the disk. Query logs can help verify requests are being processed by local DNS. [1] - https://github.com/dibdot/DoH-IP-blocklistsfernvenue|4 months ago