Comments (7)
I don't know. I'm thinking about it. I guess I will remove it. Currently in the Firefox for Android app yes, you can manually disable DoH. I don't know if they take that ability away in the new Firefox Preview version, though.
from adaway.github.io.
Following up:
- Pi-hole v4.4 default - canary domain on blocklist
A/AAAA returns0.0.0.0
/::
and DoH is enabled. - Pi-hole v4.4 default - canary not on blocklist
A/AAAA returnsNXDOMAIN
from the addedserver=/use-application-dns.net/
entry added in this version and DoH disabled. - Pi-hole less than v.4.4 - canary not on blocklist
DoH enabled. - Pi-hole (any version) in NXDOMAIN blocking mode - canary domain on blocklist
A/AAAA returnsNXDOMAIN
from canary on blocklist and DoH disabled.
from adaway.github.io.
I thought this would force DoH off but instead it sounds like it just switches the resolution from actually resolving to Mozilla's server to simply resolving successfully to a 0.0.0.0 IP for pi-hole.
For the Android app NetGuard it returns a DNS response of 3 (or NXDOMAIN) when a hostfile includes a domain.
I have a pi-hole at home as well so my question is this: how would have that domain return NOERROR (NXDOMAIN/SERVFAIL) response so that pi-Hole handles Firefox's DNS lookups? It sounds like to get it to work, you would have to have it on a list but then configure pi-hole w/ an NXDOMAIN or SERVFAIL response rather than resolving to a 0.0.0.0 address, correct?
with a pi-hole in default configuration:
Scenario 1: have it on a blocklist. It resolves to 0.0.0.0 and Firefox enables DoH
Scenario 2: it isn't on a blocklist. It resolves to 63.245.208.212 and Firefox enables DoH
with a pi-hole in NXDOMAIN response configuration:
Scenario 3: have it on the blocklist and change pi-hole config to respond with NXDOMAIN response instead of a 0.0.0.0 address
/etc/pihole/pihole-FTL.conf
setting:
BLOCKINGMODE=NXDOMAIN
I would think you would have to change pi-hole's configurations AND have it on a blocklist to get pi-hole to tell Firefox not to use cloudflare, right?
from adaway.github.io.
If you do a lookup of use-application-dns.net
to a standard upstream resolver such as Cloudflare, it will return the IP of 63.245.208.212
. With the latest version of Pi-hole, FTL will return NXDOMAIN
for that query.
from adaway.github.io.
but then for NetGuard on Android users it will pass through since it doesn't have such a hardcoded rule.
from adaway.github.io.
I'm not too sure how the Android side of things would work - would there not be a system-wide (or Firefox application-wide) setting to toggle this functionality somewhere?
from adaway.github.io.
Just to follow up on this, as there unfortunately have been made changes to this...
I can unfortunately confirm this misbehavior from FF
dig use-application-dns.net
; <<>> DiG 9.11.5-P4-5.1ubuntu2.1-Ubuntu <<>> use-application-dns.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43650
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;use-application-dns.net. IN A
from adaway.github.io.
Related Issues (20)
- Blacklist
- remove client-uc.heytapmobi.com HOT 5
- remove dpm.demdex.net
- Incorrectly identified as an advertiser HOT 1
- cmg.streamguys1.com
- cmg.streamguys1.com
- Remove tag.dickssportinggoods.com HOT 1
- Telstra - Our coverage maps HOT 5
- Filter disconnect AdGuard HOT 3
- DB Tracking HOT 4
- Remove siteintercept.qualtrics.com
- [false positive] Wrong block https://newslink.reuters.com HOT 2
- Remove nebula-cdn.kampyle.com
- remove split.io domains
- Add androiddownload.net
- 127.0.0.1 localhost records to 0.0.0.0
- Why is tinypass.com back in hosts HOT 1
- add mirando
- sdk.qikify.com breaks racedayquads.com menus
- Block OneTrust Privacy Annoyances
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from adaway.github.io.