Hi,
Gesendet: Dienstag, 03. März 2020 um 12:47 Uhr Von: "Michael Tremer" michael.tremer@ipfire.org An: "IPFire: Development-List" development@lists.ipfire.org Betreff: Should we block DoH by default?
Hello,
A post on the community portal has raised my attention today:
https://community.ipfire.org/t/firefox-doh-and-ipfire-blocked-dns-ports/1466...
The author links an article that explains how Firefox decides to enable DoH.
I do not want DoH. I do not like it. Mozilla is doing something really really bad here.
We could consider always blocking this domain and always return NXDOMAIN or something else that falls into the “negative” category.
That way we can guarantee (at least for now) that Firefox users will still use the IPFire resolver.
Would anybody be against this?
No, on the contrary. If we build with much effort an evironment, that does DNS secoure and with minimal overhead in "spying" ( see the excellent blog article by Michael ), DoH would be contraproductive.
- Bernhard
-Michael