Several places, but the main user/admin facing doc is probably this one -
https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https
> Networks can signal to Firefox that there are special features such as
these in place that would be disabled if DoH were used for domain name
Where is this documented?
Cordially,
Nathaniel Suchy (they/them)
Sent from ProtonMail Mobile
On Sun, Mar 8, 2020 at 5:21 PM, Ben Tasker wrote:
> The canary domain will only disable DoH if you've been defaulted into using
> DoH.
>
> If you've actively turned it on, or set network.trr.mode to 3
The canary domain will only disable DoH if you've been defaulted into using
DoH.
If you've actively turned it on, or set network.trr.mode to 3 then the
canary will not disable it.
On Fri, Mar 6, 2020 at 2:58 PM Nathaniel Suchy <
nathanielsu...@protonmail.com> wrote:
> Even if that option is en
Even if that option is enabled it is my understanding that a network
administrator can still override your decision during a man in the middle
attack well you can imagine how this is problematic. I run a local DNS resolver
over Tor for my non-Tor traffic as I don’t trust Mozilla’s implementation
You can use network.trr.mode to enforce the use of DoT. IIRC 3 is to
enforce it and not using other DNS. When using network.trr.mode Firefox
should not do any other DNS than DoH. This should adress your concerns.
The best way is to use DoT and to have it directly implemented into your
router o
if they care about anti-censorship they would add Mozilla-over-Tor or
Mozilla-over-I2P. but nah it wasnt their intention to start with.
Note: This is not recently, look for example on their agreement with
cloudflare:
https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-poli
