Using network.trr.mode = 3
While using FF 68 and setting network.trr.mode to a value of 3, no resolution of any site works. This mode only uses DNS over HTTPS and does not fall back.
Does DNS over HTTPS (DOH) work in this mode?
All Replies (15)
Hi
Yes, it should work fine in that mode (I have tried it myself). Have you set network.trr.bootstrapAddress to a DNS resolver?
My network.trr.bootstrapAddress address is blank.
I have set network.trr.mode to 2 and it works. Then I set a value of 3 and FF works for a while and will stop at a random period without recovering. When I view it on a sniffer, FF isn't even sending any requests out to the wire. To correct it I have to set network.trr.mode to 2 again.
With DOH selected with Cloudflare alone and no value placed for network.trr.bootstrapAddress, should FF work when network.trr.mode=3 is selected?
When I put 1.1.1.1 for network.trr.bootstrapAddress it works. However, I noticed that I get an IP address of 108.162.240.29 resolving instead of 1.1.1.1.
Is this normal?
For me
https://mozilla.cloudflare-dns.com/dns-query
is being resolved as
104.16.249.249:443
(according to the Browser Console)
Since it's a CDN, differences are probably a normal part of the load balancing.
I agree. I did try to get a direct resolution from 108.162.240.29 by substituting 1.1.1.1 with 108.162.240.29 but it did not work.
If I change network.trr.bootstrapAddress = 8.8.8.8 and then run DNS leak
https://www.dnsleaktest.com/results.html
I get a Cloudflare IP address instead of a Google DNS address. Is DNS over http in Firefox officially operational or still in the testing phase?
Mace2 said
If I change network.trr.bootstrapAddress = 8.8.8.8 and then run DNS leak https://www.dnsleaktest.com/results.html I get a Cloudflare IP address instead of a Google DNS address.
What were you expecting to see?
If you set Firefox to use TRR only (network.trr.mode=3), you need a bootstrap address to get the IP address of the selected DNS resolver (network.trr.uri). Otherwise, Catch-22, Firefox can't get the address of the resolver because it doesn't know the address of the resolver. Once Firefox has the resolver address, the bootstrap has served its purpose.
I was expecting 8.8.8.8 to resolve via DOH and a DNS leak test would only show Google's DNS 8.8.8.8. However, I believe that Cloudflare is the only DOH provider that has a direct IP address of 1.1.1.1 and 1.0.0.1. Is that correct?
Mace2 said
I was expecting 8.8.8.8 to resolve via DOH and a DNS leak test would only show Google's DNS 8.8.8.8.
I don't know how the leak test page works. However, most likely, by the time you loaded it, Firefox was exclusively using the TRR resolver for DNS.
However, I believe that Cloudflare is the only DOH provider that has a direct IP address of 1.1.1.1 and 1.0.0.1. Is that correct?
You can look up the registered "owner" (controlling party) of an IP address here:
- North America: https://whois.arin.net/ui/
- Asia-Pacific: https://wq.apnic.net/static/search.html (for 1.1.1.1)
- Europe/Middle East: https://apps.db.ripe.net/db-web-ui/#/query
I am aware of how to investigate domain owner information.
I am looking to find out if any other DOH provider functions using only an IP address. It does not appear at this time that I can use an IP address with others such as Google's 8.8.8.8.
Mace2 said
I am looking to find out if any other DOH provider functions using only an IP address. It does not appear at this time that I can use an IP address with others such as Google's 8.8.8.8.
Does Google offer DOH service??
Here are some lists of DOH providers you could look into:
- https://github.com/curl/curl/wiki/DNS-over-HTTPS#publicly-available-servers
- https://en.wikipedia.org/wiki/Public_recursive_name_server
It appears network.trr.uri will always take an https:// URL and not a bare IP address.
Yes. Google does have DOH. See site https://threatpost.com/google-announces-dns-over-https-general-availability/146057/
But with my Mac OS, FF set for network.trr.mode = 3 (no fallback to any other DNS) and the custom field set for 8.8.8.8, FF does not resolve any sites. Why should this occur if they all follow the DOH standard?
Chosen Solution
Mace2 said
Yes. Google does have DOH. See site https://threatpost.com/google-announces-dns-over-https-general-availability/146057/
That links to their blog --
https://security.googleblog.com/2019/06/google-public-dns-over-https-doh.html
-- which has the URLs I think you need:
https://dns.google/dns-query
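Added example (not part of the original thread and not Mozilla's code): a small checker that reads a user.js fragment and flags the two TRR-only misconfigurations this thread runs into, namely a network.trr.uri that is not an https:// URL and a hostname URI with an empty network.trr.bootstrapAddress. The function names, finding labels and sample fragments are constructed for illustration, and the rules encode the thread's description rather than Firefox's actual resolver logic.

```javascript
// Added example. Sample user.js fragments below are constructed for illustration.
const SAMPLE_NO_BOOTSTRAP = `
user_pref("network.trr.mode", 3);
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
// user_pref("network.trr.bootstrapAddress", "1.1.1.1");
`;
const SAMPLE_BARE_IP = `
user_pref("network.trr.mode", 3);
user_pref("network.trr.uri", "8.8.8.8");
`;
const SAMPLE_WORKING = `
user_pref("network.trr.mode", 3);
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
user_pref("network.trr.bootstrapAddress", "1.1.1.1");
`;

// Matches one user_pref("name", value); line with a string, integer or boolean value.
const PREF_RE = /^\s*user_pref\(\s*"([^"]+)"\s*,\s*("(?:[^"\\]|\\.)*"|-?\d+|true|false)\s*\)\s*;/;

function parsePrefs(text) {
  const prefs = {};
  for (const line of text.split("\n")) {
    const m = PREF_RE.exec(line); // anchored at line start, so "//" comment lines are skipped
    if (m) prefs[m[1]] = JSON.parse(m[2]);
  }
  return prefs;
}

function auditTrrOnly(text) {
  const p = parsePrefs(text);
  if (p["network.trr.mode"] !== 3) return []; // only TRR-only mode has no fallback
  let url = null;
  try { url = new URL(p["network.trr.uri"] ?? ""); } catch { /* not a URL at all */ }
  if (!url || url.protocol !== "https:") return ["uri-not-https-url"];
  // Assumption: an IP-literal host (IPv4, or bracketed IPv6) needs no name lookup.
  const ipLiteral = url.hostname.startsWith("[") || /^\d{1,3}(\.\d{1,3}){3}$/.test(url.hostname);
  const bootstrap = p["network.trr.bootstrapAddress"] ?? "";
  return !ipLiteral && bootstrap === "" ? ["no-bootstrap-for-hostname"] : [];
}

console.log(auditTrrOnly(SAMPLE_NO_BOOTSTRAP), auditTrrOnly(SAMPLE_BARE_IP), auditTrrOnly(SAMPLE_WORKING));
```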