Preventing Firefox to switch to DoH does not work by default #3167
Comments
|
Thanks for the report, can you provide a debug run token so we can see if the configs are applied correctly? |
|
Contacting the list maintainer as well. |
|
Added the debug token. |
dschaper
added
triage: Issue
|
I ran into the same issue; in a fresh pihole install, there are entries in List maintainers should remove entries for |
|
Workarounds are to either use BLOCKINGMODE=NXDOMAIN or to whitelist use-application-dns.net. |
|
@dschaper as a temporary fix until the lists are updated to remove the entries? |
|
Or as prevention from them being included in the future. |
|
That makes sense. It seemed strange to me that pihole would include |
|
Pi-hole does not curate or control the list content. They are maintained by community members. |
|
This should be resolved with the lists mentioned. Closing for now. |
|
Does this issue applies toV5 Beta and will this fix be made available on that version as well? |
|
Beta 5 had it for a while now. No changes needed. |
|
This issue has been mentioned on Pi-hole Userspace. There might be relevant details there: https://discourse.pi-hole.net/t/use-application-dns-net/46131/8 |
In raising this issue, I confirm the following:
read and understood the contributors guide.
How familiar are you with the the source code relevant to this issue?:
1
Expected behaviour:
When runnig a query (
dig -t A use-application-dns.net,dig -t AAAA use-applications-dns.net) against Pi-hole I expect to getNXDOMAIN(or similar) to indicate that DoH should not be used by Firefox (canary domain).Actual behaviour:
0.0.0.0and::respectively are returned.Steps to reproduce:
Install most recent Pi-hole (9e49077).
/etc/dnsmasq.d/01-pihole.confwill containserver=/use-application-dns.net/. Make sure Pi-hole is your resolve and try to resolveuse-application-dns.net.Debug token provided by uploading
pihole -dlog:https://tricorder.pi-hole.net/1xa35wpouj
Troubleshooting undertaken, and/or other relevant information:
The problem seems to be that blacklists take place first and the default list contains a blacklist entry in StevenBlack's list. Adding a whitelist entry for
use-application-dns.netmakes the resolver returnNXDOMAINanyway. Maybe this should be the default; otherwise the setting in01-pihole.confintroduced by #2916 is probably useless by default.The text was updated successfully, but these errors were encountered: