Firefox conflict with Windows HTTPS (DoH) -> Requipred DoH
When setting Windows to "Require DoH", firefox will not resolve DNS addresses, regardless of which "Enable secure DNS" setting is picked in FireFox security settings tab.
I expected at least "Off -- Use your default DNS resolver" to work.
If Windows is configured to just "Allow DoH", Firefox has no issues resolving DNS addresses, for any of the Firefox policy settings.
For reference, you can find the DoH policy setting in windows group policy editor, here:
gpedit.msc
Computer Configuration -> Administrative Templates -> Network -> DNS Client -> Configure DNS over HTTPS
(Have to enable it, then select Configure DoH options: Require DoH.)
you may need to issue a gpupdate /force for the setting to be picked up quickly.
Όλες οι απαντήσεις (2)
Here's a bit more information: ipv4 and ipv6 DNS server addresses are manually configured (say for 1.1.1.1) on the network interface. Microsoft Edge browser works fine at setting "Require DOH". nslookup also works fine at "Require DOH".
I can reproduce the steps above. It seems Firefox's call to getaddrinfo is getting blocked when the policy is set to require DoH. I found that setting the DoH configuration in Settings (Win+I) > Network & Internet > Properties > DNS server > Manual > [Input cloudflare IPs] makes the policy configuration work.
I also found that Chrome also fails to resolve any domains if the policy is set to require DoH without configuring the appropriate server.
I'm not sure why the DNS resolution isn't getting blocked in Edge or nslookup, but not in Firefox or Chrome. I filed https://bugzilla.mozilla.org/show_bug.cgi?id=1857473 to take a look at that, but ultimately I think this configuration is incorrect (require DoH policy without configuring the DoH servers)