Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I do not use DoH and have it disabled in Firefox with network.trr.mode=5 in about:config page as described in the link [1] below.

[1] https://support.mozilla.org/en-US/kb/firefox-dns-over-https

This way I get best of both worlds. Speed with NXDOMAIN and lack of needless CloudFlare DoH requests.

Hope that helps.



I configured Firefox to use my local DoH server instead. That way I don't have to fight against DoH, I get the (few) benefits of ESNI and can still choose what my upstream servers will be. Your solution is also good and it is what we configured at work (through group policies). You or someone else reading may find this[1] and this[2] useful.

[1] https://github.com/mozilla/policy-templates#dnsoverhttps

[2] https://cloud.google.com/docs/chrome-enterprise/policies/?po...


Thanks for pointing this out, I will dig more into this.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: