Implement canary domain signal for Firefox

[ameshkov]

DNS queries for the A and AAAA records for the domain “use-application-dns.net” must respond with NXDOMAIN rather than the IP address retrieved from the authoritative nameserver.

https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https

IMPORTANT: it must be done in dnsproxy because we need this in mobile versions as well.

[hoshsadiq]

Hello @ameshkov and @szolin. In my opinion this should be a opt-in configuration option. As you said in changelog, it's not that we think CloudFlare is bad (neither that they're good for that matter), but it's about choice, so there's no need to force such as a behaviour onto users. I personally will be disabling Mozilla's DoH when it eventually hits Europe, but even so, it should be an opt-in feature.

[ghost]

I think it's not important and we can have this after some months #821 then it's not necessary for let such kid(mozilla) to enjoy 😉

[ameshkov]

@hoshsadiq AdGuard Home is a DNS filtering solution so when someone uses it, they basically explicitly state that they want to filter their DNS queries. I think that this alone already counts as opt-in.

I was also thinking about making it an opt-out feature, but here are two reasons of why not to:

1. AG Home by itself provides encrypted DNS
2. You can simply configure FF to use a resolver you want (and this will be a clear opt-out).