Hi,

> Gesendet: Dienstag, 03. März 2020 um 12:47 Uhr
> Von: "Michael Tremer" <michael.tremer(a)ipfire.org>
> An: "IPFire: Development-List" <development(a)lists.ipfire.org>
> Betreff: Should we block DoH by default?
>
> Hello,
> 
> A post on the community portal has raised my attention today:
> 
>   https://community.ipfire.org/t/firefox-doh-and-ipfire-blocked-dns-ports/1466/3
> 
> The author links an article that explains how Firefox decides to enable DoH.
> 
> I do not want DoH. I do not like it. Mozilla is doing something really really bad here.
> 
> We could consider always blocking this domain and always return NXDOMAIN or something else that falls into the “negative” category.
> 
> That way we can guarantee (at least for now) that Firefox users will still use the IPFire resolver.
> 
> Would anybody be against this?
> 

No, on the contrary.
If we build with much effort an evironment, that does DNS secoure and with minimal overhead in "spying" ( see the excellent blog article by Michael ), DoH would be contraproductive.

- Bernhard

> -Michael