From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Should we block DoH by default?
Date: Tue, 03 Mar 2020 11:47:00 +0000
Message-ID: <83D08EF2-A2BC-4759-9F69-E42BADBDA3C9@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7874468724464454389=="
List-Id: <development.lists.ipfire.org>

--===============7874468724464454389==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello,

A post on the community portal has raised my attention today:

  https://community.ipfire.org/t/firefox-doh-and-ipfire-blocked-dns-ports/146=
6/3

The author links an article that explains how Firefox decides to enable DoH.

I do not want DoH. I do not like it. Mozilla is doing something really really=
 bad here.

We could consider always blocking this domain and always return NXDOMAIN or s=
omething else that falls into the =E2=80=9Cnegative=E2=80=9D category.

That way we can guarantee (at least for now) that Firefox users will still us=
e the IPFire resolver.

Would anybody be against this?

-Michael

--===============7874468724464454389==--