[talk] DoH and Firefox

George Rosamond george at ceetonetechnology.com
Thu Jul 8 17:06:09 EDT 2021

Should be a refresher for anyone who was at the "moments before COVID 
Vixie meeting" March 3 2020...

Last night I mentioned the DoH/DNS over HTTPS (versus DoT/DNS over TCP) 
and Firefox, and it's in the news today:


Gotta love the headline:

Firefox extends privacy and security of Canadian internet users with 
by-default DNS-over-HTTPS rollout in Canada

While it's not just Cloudflare as the sole DoH provider with Mozilla's 
Trusted Recursive Resolvers, it does mean that operating system and 
network settings are bypassed by the browser.

Encrypting DNS lookups is the right thing to do, without question, but 
that's why DoT is the better direction. Tor Browser solved this issue a 
long while ago with tor-resolve.

Again, a useful example of privacy in relation to anonymity. You will 
gain privacy over regular UDP/53 DNS unencrypted lookups, and enjoy the 
centralization of all your resolving with one of the TRR members. They 
will work very hard to keep your lookups private from parties like your ISP.

And then they end up with all the metadata anyone needs to know about 
your internet browsing activities.

All in the name of privacy, of course.


