On Sun, 2020-04-12 at 13:21 +0300, Reco wrote: > On Sun, Apr 12, 2020 at 12:10:45PM +0200, to...@tuxteam.de wrote: > > That's why I cringe at the idea that browsers want to start doing > > name resolution over HTTPS. > > This simple one line of dnsmasq configuration will disable this > problematic feature for good for Firefox (basically it creates a > bogus > NXDOMAIN response for this particular site): > > local=/use-application-dns.net/ >
Technically, that doesn't disable it, just just disables any 'on by default' DoH [1]. For individual users worried about this, it would be simpler not to accept it when Firefox asks to enable it, or to disable it it with a config option. [2] That would be needed to be done anyway for mobile devices that can roam to different networks. [1] https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet [2] https://support.mozilla.org/en-US/kb/firefox-dns-over-https -- Tixy
