From: Sorin-Mihai Vârgolici
To: development@lists.ipfire.org
Subject: Re: Should we block DoH by default?
Date: Tue, 03 Mar 2020 19:39:18 +0530
Message-ID: <578e298e-5c81-5707-4aeb-6abb1ba0c1c2@blockgemini.com>
In-Reply-To: <83D08EF2-A2BC-4759-9F69-E42BADBDA3C9@ipfire.org>

EHLO

On 03/03/2020 17:17, Michael Tremer wrote:
> I do not want DoH. I do not like it. Mozilla is doing something really really bad here.

TL;DR, I saw some mention of Cloudflare, so I already don't like this at all, no matter how good others might think it is, for technical reasons or privacy concerns or whatnot.

Does it actually mean that Firefox will try to use Cloudflare's DNS by default regardless of the system's resolv.conf, cluttering my LAN traffic with denied requests until I patch the Firefox config(s)? I'm not directly affected for now, so I have some time to prepare for the next updates. This to me sounds like forcing all users to use a proxy even if the users don't want to and even have the right to decline. They should've stuck to pushing Google as default search engine, it really was enough...

What if I use private DNS server(s) in IPFire, or in systems' resolv.conf (especially for privacy concerns)? What if I do that even in systems which are not connected directly behind IPFire or are connected to some VPN that is supposed to push the DNS settings to the clients (again, especially for privacy concerns, but also because behind a VPN you expect to use internal resolving also; I wonder who will benefit from a huge list of internal records if DoH is being used)?

I get the need to encrypt the DNS traffic, but this is already done properly with DNSCrypt, but forcing DoH in the browser is a bad and wrong decision.