X
Πατήστε εδώ για μετάβαση στην έκδοση της ιστοσελίδας για κινητές συσκευές.

Φόρουμ υποστήριξης

Firefox behavior if doh is blocked by firewall

Δημοσιεύτηκε

I am working on firewall which can block Doh request to cloudfare or any custom doh service provider. I would like to know if firewall silently drops/block what is the behavior of firefox? Does it automatically fallback to premise DNS server or fallback is config driven and if fallback disabled then it continue using DOH only in which case things will continue to fail forever. Is it possible firewall can generate some end user notification to browser so it can detect block (e.g connection refused etc) connection and fallback? Yes my firewall is kind of MITM and does terminate TCP connection so its firewall/proxy.

I am working on firewall which can block Doh request to cloudfare or any custom doh service provider. I would like to know if firewall silently drops/block what is the behavior of firefox? Does it automatically fallback to premise DNS server or fallback is config driven and if fallback disabled then it continue using DOH only in which case things will continue to fail forever. Is it possible firewall can generate some end user notification to browser so it can detect block (e.g connection refused etc) connection and fallback? Yes my firewall is kind of MITM and does terminate TCP connection so its firewall/proxy.

Επιλεγμένη λύση

Hi,

yes, if Firefox fails to resolve a domain via DoH, it should fallback to the DNS. You can modify this behaviour using the network.trr.mode preference. Possible values of this pref are:

  • 0 - Off (default). use standard native resolving only (don't use TRR at all)
  • 1 - Reserved (used to be Race mode)
  • 2 - First. Use TRR first, and only if the name resolve fails use the native resolver as a fallback.
  • 3 - Only. Only use TRR. Never use the native (This mode also requires the bootstrapAddress pref to be set)
  • 4 - Reserved (used to be Shadow mode)
  • 5 - Off by choice. This is the same as 0 but marks it as done by choice and not done by default.


Type of the DNS connection you can check on the about:networking#dns page (it is a TRR column).

Ανάγνωση απάντησης σε πλαίσιο 0
Παράθεση

Επιπρόσθετες λεπτομέρειες συστήματος

Εφαρμογή

  • Πλατφόρμα χρήστη: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:70.0) Gecko/20100101 Firefox/70.0

Περισσότερες πληροφορίες

TyDraniu
  • Top 25 Contributor
335 λύσεις 1890 απαντήσεις
Δημοσιεύτηκε

Επιλεγμένη λύση

Hi,

yes, if Firefox fails to resolve a domain via DoH, it should fallback to the DNS. You can modify this behaviour using the network.trr.mode preference. Possible values of this pref are:

  • 0 - Off (default). use standard native resolving only (don't use TRR at all)
  • 1 - Reserved (used to be Race mode)
  • 2 - First. Use TRR first, and only if the name resolve fails use the native resolver as a fallback.
  • 3 - Only. Only use TRR. Never use the native (This mode also requires the bootstrapAddress pref to be set)
  • 4 - Reserved (used to be Shadow mode)
  • 5 - Off by choice. This is the same as 0 but marks it as done by choice and not done by default.


Type of the DNS connection you can check on the about:networking#dns page (it is a TRR column).

Hi, yes, if Firefox fails to resolve a domain via DoH, it should fallback to the DNS. You can modify this behaviour using the ''network.trr.mode'' preference. Possible values of this pref are: * 0 - Off (default). use standard native resolving only (don't use TRR at all) * 1 - Reserved (used to be Race mode) * 2 - First. Use TRR first, and only if the name resolve fails use the native resolver as a fallback. * 3 - Only. Only use TRR. Never use the native (This mode also requires the bootstrapAddress pref to be set) * 4 - Reserved (used to be Shadow mode) * 5 - Off by choice. This is the same as 0 but marks it as done by choice and not done by default. Type of the DNS connection you can check on the about:networking#dns page (it is a TRR column).

Τροποποιήθηκε στις από το χρήστη TyDraniu

Σάς φάνηκε χρήσιμο;
Παράθεση

Ιδιοκτήτης ερώτησης

Thank you TyDraniu; this helps!

Thank you TyDraniu; this helps!
Σάς φάνηκε χρήσιμο;
Παράθεση
Κάντε μια ερώτηση

Πρέπει να συνδεθείτε στο λογαριασμό σας για να απαντήσετε στις δημοσιεύσεις. Παρακαλούμε ξεκινήστε μια νέα ερώτηση, αν δεν έχετε ήδη λογαριασμό.