From 37d7f2b1e7e11e63afe17abbf86d0858f3cf3596 Mon Sep 17 00:00:00 2001
From: jeff
Date: Mon, 21 Oct 2019 09:32:24 -0400
Subject: [PATCH 1/2] disable DoH using mozilla's ISP backdoor record.
---
llarp/dns/server.cpp | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/llarp/dns/server.cpp b/llarp/dns/server.cpp
index b74d498bc2..ca05738419 100644
--- a/llarp/dns/server.cpp
+++ b/llarp/dns/server.cpp
@@ -158,6 +158,25 @@ namespace llarp
 llarp::LogWarn("failed to parse dns message from ", from);
 return;
 }
+
+ // we don't provide a DoH resolver because it requires verified TLS
+ // TLS needs X509/ASN.1-DER and opting into the Root CA Cabal
+ // thankfully mozilla added a backdoor that allows ISPs to turn it off
+ // so we disable DoH for firefox using mozilla's ISP backdoor
+ // see: https://github.com/loki-project/loki-network/issues/832
+ for(const auto & q : msg.questions)
+ {
+ // is this firefox looking for their backdoor record?
+ if(q.IsName("use-application-dns.net"))
+ {
+ // yea it is, let's turn off DoH because god is dead.
+ msg.AddNXReply();
+ // press F to pay respects
+ SendServerMessageTo(from, std::move(msg));
+ return;
+ }
+ }
+
 auto self = shared_from_this();
 if(m_QueryHandler && m_QueryHandler->ShouldHookDNSMessage(msg))
 {
From bd07845dd39eb62e6a7182f9c44f3f1367131f88 Mon Sep 17 00:00:00 2001
From: Jeff Becker
Date: Mon, 28 Oct 2019 10:44:56 -0400
Subject: [PATCH 2/2] make format
---
llarp/dns/server.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/llarp/dns/server.cpp b/llarp/dns/server.cpp
index ca05738419..ad675c29ea 100644
--- a/llarp/dns/server.cpp
+++ b/llarp/dns/server.cpp
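Review bot: The only gate for the NXDOMAIN short-circuit is `q.IsName("use-application-dns.net")`, and DNS names compare case-insensitively (RFC 4343); if `IsName` is a byte-wise comparison, the same name sent in mixed case falls through to the normal handlers and the canary is not honoured, so it is worth confirming that IsName normalises case before this lands. The loop also moves `msg` out from under the `q` reference it is iterating (`SendServerMessageTo(from, std::move(msg))` inside `for(const auto & q : msg.questions)`); the immediate `return` keeps that safe today, but checking the questions with a `std::any_of` before any mutation of `msg` would make the intent explicit and survive later edits. The comment block could also record the scope of the mechanism, e.g. `// note: per Mozilla, this canary is only honoured while DoH is in Firefox's default-enabled mode; it is ignored once a user enables DoH explicitly`, so nobody assumes it disables DoH unconditionally. The enclosing message handler starts and ends outside the hunk.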
@@ -164,7 +164,7 @@ namespace llarp
 // thankfully mozilla added a backdoor that allows ISPs to turn it off
 // so we disable DoH for firefox using mozilla's ISP backdoor
 // see: https://github.com/loki-project/loki-network/issues/832
- for(const auto & q : msg.questions)
+ for(const auto& q : msg.questions)
 {
 // is this firefox looking for their backdoor record?
 if(q.IsName("use-application-dns.net"))