OpenBSD Journal

DoH disabled by default in Firefox

Contributed by Paul 'WEiRD' de Weerd on from the put-your-names-in-the-crypt dept.

On Monday, Otto (otto@) committed a small but significant change to the Firefox port.

Date: Mon, 9 Sep 2019 12:50:35 -0600 (MDT)
From: Otto Moerbeek <otto@[elided]>
Subject: CVS: ports

CVSROOT:        /cvs
Module name:    ports
Changes by:    2019/09/09 12:50:35

Modified files:
        www/mozilla-firefox: Makefile
        www/mozilla-firefox/files: all-openbsd.js

Log message:
Disable DoH by default.  While encrypting DNS might be a good thing,
sending all DNS traffic to Cloudflare by default is not a good idea.
Applications should respect OS configured settings.
The DoH settings still can be overridden if needed. ok landry@ job@

If you are running your own DNS over HTTPS (DoH) server, you may want to point Firefox at it by setting the network.trr.uri configuration option in about:config and changing the network.trr.mode setting, which Otto set to 5 in this commit, to 3. For more details on how to configure Firefox's use of DoH, please see their wiki.
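To check what a given installation will actually do, the following added example (not part of the original article or of the port) reads Firefox preference-file contents in precedence order and reports the effective network.trr.mode and network.trr.uri. The sample file contents and the doh.example.net URL are constructed, and the mode descriptions follow Mozilla's documentation of the preference.

```python
import re

# network.trr.mode values as documented by Mozilla for Firefox's
# Trusted Recursive Resolver (TRR), its DoH client.
TRR_MODES = {
    0: "off (Firefox default)",
    1: "reserved",
    2: "DoH first, OS resolver as fallback",
    3: "DoH only",
    4: "reserved",
    5: "off by explicit choice",
}

# Matches pref("name", value); and user_pref("name", value); lines.
# Commented-out lines do not match: the line must start with the call.
PREF_RE = re.compile(
    r'^\s*(?:user_)?pref\(\s*"(network\.trr\.(?:mode|uri))"\s*,\s*'
    r'(?:"([^"]*)"|(\d+))\s*\)\s*;',
    re.MULTILINE,
)

def effective_trr(layers):
    """Resolve TRR prefs from pref-file contents, lowest precedence first."""
    mode, uri = 0, ""
    for text in layers:
        for name, string_val, int_val in PREF_RE.findall(text):
            if name == "network.trr.mode" and int_val:
                mode = int(int_val)
            elif name == "network.trr.uri" and not int_val:
                uri = string_val
    doh_active = mode in (2, 3)
    return {
        "mode": mode,
        "meaning": TRR_MODES.get(mode, "unknown"),
        "doh_active": doh_active,
        # None means no network.trr.uri was set in the files examined.
        "resolver": (uri or None) if doh_active else None,
    }

# Constructed samples (not copied from the port or from a real profile).
PORT_DEFAULTS = 'pref("network.trr.mode", 5);\n'
USER_PREFS = '''// user_pref("network.trr.mode", 2);
user_pref("network.trr.mode", 3);
user_pref("network.trr.uri", "https://doh.example.net/dns-query");
'''

if __name__ == "__main__":
    print(effective_trr([PORT_DEFAULTS]))
    print(effective_trr([PORT_DEFAULTS, USER_PREFS]))
```

Pass the contents of the distribution defaults first and the profile's prefs.js or user.js after it, so that user settings override the packaged ones as they do in the browser.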


  1. By mccoma (mccoma) on

    Is there a package for OpenBSD to run your own DNS over HTTPS server?

    1. By Otto Moerbeek (ottom) on

      Not yet. unbound (in base) supports DoT (DNS over TLS).
      The upcoming PowerDNS dnsdist 1.4.0 release will support both DoT and DoH. I expect it to be included in the packages for the upcoming OpenBSD 6.6 release.

