Firefox Multi-Account Containers lets you keep parts of your online life separated into color-coded tabs that preserve your privacy. Cookies are separated by container, allowing you to use the web with multiple identities or accounts simultaneously.
[X] I updated to the latest version of Multi-Account Container and tested if I can reproduce the issue
[X] I searched for existing reports to see if it hasn't already been reported
Step to reproduce
Configure a per-container SOCKS proxy (using a proxy that supports remote hostname lookups)
Enable DoH in the Firefox settings, using a DNS resolver different from what the SOCKS proxy uses, using either "Increased Protection" or "Max Protection"
Visit any DNS resolver debugging websites
Actual behavior
DNS is queried via both the remote SOCKS proxy and the local DoH resolver, as evidenced by the resolver site showing queries from both the DoH and the SOCKS proxy's DNS resolver.
The responses to the local DoH resolver seem to be actually disregarded for HTTP requests, e.g. when I block a given domain on the DoH resolver at the DNS level (making it return NXDOMAIN), page loads will still work due to the valid response to the SOCKS proxy's resolver.
Expected behavior
DNS is queried only via the remote SOCKS proxy.
Additional informations
I've verified that this happens without any extensions that perform CNAME uncloaking such as uBlock (which is normally a source of "DNS leaks"), and also with Enhanced Tracking Protection disabled.
It does not happen with DoH set to "Off", in which case all queries go through the proxy's resolver.
Provide a copy of Troubleshooting Information page (optional)
Before submitting a bug report
Step to reproduce
Actual behavior
DNS is queried via both the remote SOCKS proxy and the local DoH resolver, as evidenced by the resolver site showing queries from both the DoH and the SOCKS proxy's DNS resolver.
The responses to the local DoH resolver seem to be actually disregarded for HTTP requests, e.g. when I block a given domain on the DoH resolver at the DNS level (making it return NXDOMAIN), page loads will still work due to the valid response to the SOCKS proxy's resolver.
Expected behavior
DNS is queried only via the remote SOCKS proxy.
Additional informations
I've verified that this happens without any extensions that perform CNAME uncloaking such as uBlock (which is normally a source of "DNS leaks"), and also with Enhanced Tracking Protection disabled.
It does not happen with DoH set to "Off", in which case all queries go through the proxy's resolver.
Provide a copy of Troubleshooting Information page (optional)
No response