[talk] DNS over TLS

George Rosamond george at ceetonetechnology.com
Thu Sep 12 19:00:00 EDT 2019

Brian Reynolds:
> George Rosamond wrote:
>> If you haven't heard, Firefox is enabling DOT by default.
>> I wasn't at the Vixie talk at vBSDCon on Friday, but apparently it is
>> worth hearing. We need to get him to speak when he's in NYC.
>> DOT means no more dns lookups over UDP to the locally configured
>> resolvers, but all straight to Cloudflare.
> It is my understanding that Paul Vixie was to talk about DNS over

Ah, I was misinformed!

> These both may have privacy and anonymity concerns, but I don't think
> that they have the same concerns.


> A meeting about both of these methods, and how we got here (i.e., why
> not DNSSEC) would be a good one.

Very much.

>> This is the relevant js to change in any user.js config file to never
>> use DOT:
>> https://wiki.mozilla.org/Trusted_Recursive_Resolver
>> pref("network.trr.mode", 5);
> I think you can also change that in Firefox's about:config page.  It
> looks like you can change the resolver name and url also.

Yes, I thought that was obvious, but should have stated.

That line above is what goes into a user.js or however you insert
changes to about:config with new profiles.
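
An added example (not part of the original message): a small Python check that reads the body of a Firefox user.js or prefs.js and reports the network.trr.mode setting discussed above. The function names and the sample input are constructed for illustration; the mode meanings and the network.trr.uri pref name are recalled from the Mozilla wiki page linked in the thread and should be checked against it.

```python
import re

# TRR mode meanings, recalled from the Mozilla wiki page linked in the thread.
TRR_MODES = {
    0: "off (default, native resolver)",
    1: "reserved",
    2: "TRR first, fall back to native resolver",
    3: "TRR only",
    4: "reserved",
    5: "off by explicit choice",
}

# Matches pref("name", value); and user_pref("name", value); lines.
# Lines commented out with // do not match because of the ^\s* anchor.
PREF_RE = re.compile(
    r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.MULTILINE)

# Constructed sample input, not taken from a real profile.
SAMPLE = '''
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://doh.example.invalid/dns-query");
// user_pref("network.trr.mode", 3);
pref("network.trr.mode", 5);
'''

def parse_prefs(text):
    """Return {name: value}; a later line overrides an earlier one."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit_trr(text):
    """Summarise the TRR settings found in a prefs.js / user.js body."""
    prefs = parse_prefs(text)
    mode = prefs.get("network.trr.mode")
    if mode is None:
        meaning = "not set in this file"
    else:
        meaning = TRR_MODES.get(mode, "unknown value")
    return {"mode": mode, "meaning": meaning,
            "uses_trr": mode in (2, 3),
            "resolver": prefs.get("network.trr.uri")}

if __name__ == "__main__":
    print(audit_trr(SAMPLE))
```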

