privacyguides/privacytools.io
Archived
1
0
Fork 0
Code Issues 304 Pull Requests 47 Activity

dns: document enabling Firefox TRR

Browse Source
This commit is contained in:
Mikaela Suomalainen 2019-08-25 13:38:12 +03:00
parent 4cd0f2e735
commit 7077f4caa5
No known key found for this signature in database
GPG Key ID: 0C207F07B2F32B67
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
_includes/sections/dns.html
View File

@ -307,6 +307,10 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
<li><strong>Encrypted DNS clients for desktop:</strong>
<ul>
<li><em>Firefox</em> comes with built-in DoH support with Cloudflare set as the default resolver, but can be configured to use any DoH resolver. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='"Cloudflare has agreed to collect only a limited amount of data about the DNS requests that are sent to the Cloudflare Resolver for Firefox via the Firefox browser."'><a href="https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/"><i class="fas fa-exclamation-triangle"></i></a></span> Currently Mozilla is <a href="https://blog.mozilla.org/futurereleases/2019/07/31/dns-over-https-doh-update-detecting-managed-networks-and-user-choice/">conducting studies</a> before enabling DoH by default for all US-based Firefox users.</li>
<ul>
<li>DNS-over-HTTPS can be enabled in Menu -> Settings -> Network Settings -> Settings -> [x] enable DNS over HTTPS, use provider: custom, and enter the address you find from the documentation of your DoH provider.</li>
<li>Advanced users may enable it in `about:config` by setting `network.trr.custom_uri` and `network.trr.uri` as the address you find from the documentation of your DoH provider and `network.trr.mode` as `2`. It may also be desirable to set `network.esni.enabled` to `True` in order to encrypt SNI and make sites supporting ESNI a bit more difficult to track.</li>
</ul>
</ul>
</li>
<li><strong>Encrypted DNS clients for mobile:</strong>
@ -330,6 +334,13 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
</li>
<li><strong>Further reading:</strong>
<ul>
<li>On Firefox, DoH and ESNI</li>
<ul>
<li><a href="https://wiki.mozilla.org/Trusted_Recursive_Resolver">Trusted Recursive Resolver (DoH) on MozillaWiki</a></li>
<li><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1500289">Firefox bug report requesting the ability to use ESNI without DoH</a></li>
<li><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1542754">Firefox bug report requesting the ability to use Android 9+'s Private DNS directly without having to enable DoH</a></li>
<li><a href="https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/">Encrypt it or lose it: how encrypted SNI works on Cloudflare blog</a></li>
</ul>
<li><a href="https://www.isc.org/blogs/qname-minimization-and-privacy/">QNAME Minimization and Your Privacy</a> by the Internet Systems Consortium (ISC)</li>
<li><a href="https://www.isc.org/dnssec/">DNSSEC and BIND 9</a> by the ISC</li>
</ul>