New Firefox DOH feature

[modem7]

Hey guys,

I understand that Firefox is coming out/already out with a DOH feature, which from what I read, can and will bypass network level things like DNSCrypt.

I see here: https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/plugin_firefox.go that a fix is already implemented, do we need to change anything in our configs, or is this on and ready to go?

Thanks!

(Please close when required)

[ghost]

You must not do a thing provided you have relatively new version installed, here from my server logs:

[2019-09-20 11:40:29] [NOTICE] dnscrypt-proxy 2.0.27
[2019-09-20 11:40:29] [NOTICE] Network connectivity detected
[2019-09-20 11:40:29] [NOTICE] Source [public-resolvers.md] loaded
[2019-09-20 11:40:29] [NOTICE] Firefox workaround initialized

[AlphaTangoCharly]

Firefox users who don't use the browser's built-in DNS-over-HTTPS (likely because they use DNSCrypt-proxy) may be advised to assure it is deactivated by setting (in abaout:config or user.js):

// disable Firefox's DNS-over-HTTPS (DoH) (FF60+)
// TRR = Trusted Recursive Resolver
// 0=off, 1=race (removed in FF69), 2=TRR first, 3=TRR only, 4=race for stats but always use native result (removed in FF69), 5=explicitly turned off
pref("network.trr.mode", 5);
pref("network.trr.bootstrapAddress", "");
lpref("network.trr.uri", "");
pref("network.trr.custom_uri", "");

I've never used it and i don't even know if it's on by default. Above settings to be sure it's disabled.

[jedisct1]

If I understoold correctly, the plan is to turn in on by default soon. But there is a way for an existing DNS stub resolver too tell Firefox to turn it off, and this is the workaround implemented in dnscrypt-proxy.

They documented the workaround, but the code for it doesn't seem to be in Firefox yet.

So, wait and see. I keep watching what they are doing, and will update the workaround accordingly if needed.