aarond10 / https_dns_proxy

A lightweight DNS-over-HTTPS proxy.
MIT License

wish: Firefox canary domain support #134

Closed stangri closed 2 years ago

stangri commented 2 years ago

This is based on the wish for the OpenWrt package: https://github.com/stangri/source.openwrt.melmac.net/issues/155

I can fix it by manipulating dnsmasq settings on OpenWrt, however I strongly believe the binary should support this (either by default or by invoking an option on the CLI).

Link: https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet

@aarond10 @baranyaib90 -- please let me know if you can implement this in the https_dns_proxy binary or not.

baranyaib90 commented 2 years ago

Sorry for the silence, I forgot to write that I have no idea what this is. Could you please detail what's expected to be implemented?

stangri commented 2 years ago

Well, it's a canary domain for Firefox. If you can make sure that https_dns_proxy returns NXDOMAIN for use-application-dns.net, then Firefox will disable built-in DoH.

Like I said, I can make it happen on OpenWrt by manipulating Dnsmasq settings, but if you can have it done in the binary, I wouldn't have to.

baranyaib90 commented 2 years ago

Thanks, now I maybe understand. Sadly for you, I would like to recommend doing it on the dnsmasq level, since this proxy is a dummy.

It cannot parse DNS requests and cannot create replies. It just shovels bytes from the UDP package (DNS request) through HTTPS and shovels back the received bytes in a UDP package (DNS response). So it would be hard to implement and against the current design (dummy proxy).

aarond10 commented 2 years ago

Ah, I also forgot to circle back to this and agree with @baranyaib90's comment. It was different in early versions when we were parsing DNS to/from JSON but we can't manipulate the contents any more.
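
What answering the canary locally involves, as an added example that is not part of this thread or of the https_dns_proxy code base: a resolver-side check in C that matches the first question of a UDP DNS query against use-application-dns.net in wire format and builds the NXDOMAIN reply. The function names and the sample query in `main` are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Wire-format QNAME of the canary: length-prefixed labels; the string's
   implicit trailing NUL doubles as the root label (25 bytes in total). */
static const uint8_t CANARY_QNAME[] = "\x13use-application-dns\x03net";
#define DNS_HDR_LEN 12
#define RCODE_NXDOMAIN 3

/* Returns 1 if msg is a standard query whose only question is the canary. */
int is_canary_query(const uint8_t *msg, size_t len) {
    const size_t qn = sizeof CANARY_QNAME;
    if (len < DNS_HDR_LEN + qn + 4) return 0;      /* header + QNAME + QTYPE/QCLASS */
    if (msg[2] & 0xF8) return 0;                   /* QR set or opcode != QUERY */
    if (msg[4] != 0 || msg[5] != 1) return 0;      /* QDCOUNT must be 1 */
    for (size_t i = 0; i < qn; i++)                /* DNS names are case-insensitive */
        if (tolower(msg[DNS_HDR_LEN + i]) != CANARY_QNAME[i]) return 0;
    return 1;
}

/* Writes an NXDOMAIN reply for a canary query into out and returns its
   length; returns 0 when the packet should be forwarded upstream untouched. */
size_t build_canary_nxdomain(const uint8_t *msg, size_t len,
                             uint8_t *out, size_t cap) {
    const size_t rlen = DNS_HDR_LEN + sizeof CANARY_QNAME + 4;
    if (!is_canary_query(msg, len) || cap < rlen) return 0;
    memcpy(out, msg, rlen);                        /* echo ID and question section */
    out[2] = 0x80 | (msg[2] & 0x01);               /* QR=1, keep RD */
    out[3] = 0x80 | RCODE_NXDOMAIN;                /* RA=1, RCODE=3 */
    memset(out + 6, 0, 6);                         /* no answer/authority/additional
                                                      records (any EDNS OPT is dropped) */
    return rlen;
}

int main(void) {
    /* Constructed sample: ID 0x1234, RD set, one question, mixed-case name. */
    uint8_t q[41] = {0x12, 0x34, 0x01, 0x00, 0x00, 0x01}, r[64];
    memcpy(q + DNS_HDR_LEN, "\x13Use-Application-DNS\x03NET", 25);
    q[38] = 1; q[40] = 1;                          /* QTYPE=A, QCLASS=IN */
    size_t n = build_canary_nxdomain(q, sizeof q, r, sizeof r);
    printf("reply %zu bytes, rcode %d\n", n, r[3] & 0x0F);
    return 0;
}
```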