netblue30 / fdns

Firejail DNS-over-HTTPS Proxy Server
GNU General Public License v3.0

disable doh on local network #32

Closed sblighting closed 4 years ago

sblighting commented 4 years ago

- etc/doh - doh domain list
- etc/apparmor/usr.bin.fdns - add etc/doh to apparmor list
- src/fdns/filter.c - add some doh servers in default list, renamed some functions for consistency
- src/fdns/server.c - push our servers in the ad-filter list
- src/fdns/main.c - load our server list for test commands
- src/fdns/fdns.h - compile warnings

netblue30 commented 4 years ago

all merged, thanks!

rusty-snake commented 4 years ago

The ESNI implementation of firefox requires ATM that firefox resolves DNs itself using its own DoH implementation. See the bugzilla ticket [1]. Some users might want this. Therefore it would be helpful to have an --allow-local-doh option.

ESNI references:

- about:config: network.security.esni.enabled
- https://bugzilla.mozilla.org/show_bug.cgi?id=1500289 [1]
- https://www.cloudflare.com/ssl/encrypted-sni (Test)
- https://en.wikipedia.org/wiki/ESNI
- https://blog.cloudflare.com/esni/

rusty-snake commented 4 years ago

FYI: network.trr.mode = 3 (=DoH without system fallback) requires network.trr.bootstrapAddress so firefox can still use DoH if it has an IP-Addr rather than only a domain name.


Why does firefox' spell checker not know the word firefox?

sblighting commented 4 years ago

I'm adding --allow-local-doh :)