Turning on Protected Browsing that uses canary domain after DoH is enabled by default does not disable DoH

mozilla / doh-rollout

DEPRECATED - Add on for initial DoH rollout

Mozilla Public License 2.0

7 stars 4 forks source link

Turning on Protected Browsing that uses canary domain after DoH is enabled by default does not disable DoH #117

Closed kontrolldkaos closed 5 years ago

kontrolldkaos commented 5 years ago

I have Xfinity and I am not using Parental Controls/Protected Browsing.
DoH is Enabled due to above
I decide to turn ON Protected browsing - Canary domain is set to NXDOMAIN - This does not and will not trigger a network event on my device.
DoH is still enabled until a complete shut down of FF and restart. (On Macs, clicking the 'x' doesn't really close FF completely and seems to still hold previous DoH settings.)

Originally posted by @kontrolldkaos in https://github.com/mozilla/doh-rollout/issues/113#issuecomment-535516778

kontrolldkaos commented 5 years ago

I have done some further testing and can get expected blocked pages for websites that should be blocked, but it seems that all other DNS traffic is still going through the DoH server via looking at about:networking#dns, also the initial DNS request for a blocked website does go to the DoH server first.

nhi-nguyen commented 5 years ago

@kontrolldkaos we only run the detection code on network changes and browser restart. You said it works if you restart the browser. Does it disable DoH after you turn on Protected Browing and then disconnect/reconnect your network?

kontrolldkaos commented 5 years ago

There is no network event happening in this use case and never will, though if I do force network disconnect/reconnect, doh will be disabled.

nhi-nguyen commented 5 years ago

if I do force network disconnect/reconnect, doh will be disabled.

Then it is working as designed. We don't rerun detection on changes that happen outside of the computer or the running instance of Firefox.