Preventing Firefox to switch to DoH does not work by default #3167
Comments
Thanks for the report, can you provide a debug run token so we can see if the configs are applied correctly?
Contacting the list maintainer as well.
Added the debug token.
I ran into the same issue; in a fresh pihole install, there are entries in List maintainers should remove entries for
Workarounds are to either use BLOCKINGMODE=NXDOMAIN or to whitelist use-application-dns.net.
@dschaper as a temporary fix until the lists are updated to remove the entries?
Or as prevention from them being included in the future.
That makes sense. It seemed strange to me that pihole would include
Pi-hole does not curate or control the list content. They are maintained by community members.
This should be resolved with the lists mentioned. Closing for now.
Does this issue apply to V5 Beta and will this fix be made available on that version as well?
Beta 5 had it for a while now. No changes needed.
This issue has been mentioned on Pi-hole Userspace. There might be relevant details there: https://discourse.pi-hole.net/t/use-application-dns-net/46131/8
In raising this issue, I confirm the following:
read and understood the contributors guide.
How familiar are you with the source code relevant to this issue?:
1
Expected behaviour:
When running a query (`dig -t A use-application-dns.net`, `dig -t AAAA use-application-dns.net`) against Pi-hole I expect to get `NXDOMAIN` (or similar) to indicate that DoH should not be used by Firefox (canary domain).
Actual behaviour:
`0.0.0.0` and `::` respectively are returned.
Steps to reproduce:
Install most recent Pi-hole (9e49077). `/etc/dnsmasq.d/01-pihole.conf` will contain `server=/use-application-dns.net/`. Make sure Pi-hole is your resolver and try to resolve `use-application-dns.net`.
Debug token provided by uploading `pihole -d` log:
https://tricorder.pi-hole.net/1xa35wpouj
Troubleshooting undertaken, and/or other relevant information:
The problem seems to be that blacklists take place first and the default list contains a blacklist entry in StevenBlack's list. Adding a whitelist entry for `use-application-dns.net` makes the resolver return `NXDOMAIN` anyway. Maybe this should be the default; otherwise the setting in `01-pihole.conf` introduced by #2916 is probably useless by default.
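
A check for the behaviour reported above, added here as an example and not part of the original issue or the Pi-hole code base: it classifies `dig` output for the canary domain by whether Firefox would read it as a signal to keep DoH off. It assumes Firefox's documented canary rule (a non-NOERROR status, or NOERROR with no A/AAAA record, disables DoH); the verdict names and the sample `dig` outputs are constructed.

```shell
#!/bin/sh
# Added example, not Pi-hole code. Verdict names and sample outputs are constructed.
# Assumed rule (Firefox canary): DoH stays off if the lookup returns a non-NOERROR
# status, or NOERROR with no A/AAAA record. An address answer does not signal.
# Live use: dig -t A use-application-dns.net @RESOLVER_IP | canary_verdict

# Reads full `dig` output on stdin, prints one verdict word.
canary_verdict() {
    awk '
        /->>HEADER<<-/ {                      # "... status: NXDOMAIN, id: 1002"
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^$/ || /^;;/         { in_answer = 0 }   # any other section ends the answers
        in_answer && ($4 == "A" || $4 == "AAAA") { addrs++ }
        END {
            if (status == "")             print "no-response-parsed"
            else if (status != "NOERROR") print "doh-disabled"
            else if (addrs == 0)          print "doh-disabled"
            else                          print "doh-not-disabled"
        }'
}

# Constructed sample: the behaviour reported in the issue (blocklist hit, null address).
sample_null_blocked() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;use-application-dns.net.       IN      A

;; ANSWER SECTION:
use-application-dns.net. 2      IN      A       0.0.0.0
EOF
}

# Constructed sample: the behaviour the reporter expected.
sample_nxdomain() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1002
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;use-application-dns.net.       IN      A
EOF
}

for s in sample_null_blocked sample_nxdomain; do
    printf '%s -> %s\n' "$s" "$("$s" | canary_verdict)"
done
```

A `0.0.0.0` or `::` answer counts as an address record, which is why the null-address blocking result is classified as not disabling DoH.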