We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Αναζήτηση στην υποστήριξη

Προσοχή στις απάτες! Δεν θα σας ζητήσουμε ποτέ να καλέσετε ή να στείλετε μήνυμα σε κάποιον αριθμό τηλεφώνου ή να μοιραστείτε προσωπικά δεδομένα. Αναφέρετε τυχόν ύποπτη δραστηριότητα μέσω της επιλογής «Αναφορά κατάχρησης».

Μάθετε περισσότερα

Firefox conflict with Windows HTTPS (DoH) -> Requipred DoH

  • 2 απαντήσεις
  • 0 έχουν αυτό το πρόβλημα
  • 1 προβολή
  • Τελευταία απάντηση από Valentin

more options

When setting Windows to "Require DoH", firefox will not resolve DNS addresses, regardless of which "Enable secure DNS" setting is picked in FireFox security settings tab.

I expected at least "Off -- Use your default DNS resolver" to work.

If Windows is configured to just "Allow DoH", Firefox has no issues resolving DNS addresses, for any of the Firefox policy settings.

For reference, you can find the DoH policy setting in windows group policy editor, here:

gpedit.msc

Computer Configuration -> Administrative Templates -> Network -> DNS Client -> Configure DNS over HTTPS

(Have to enable it, then select Configure DoH options: Require DoH.)

you may need to issue a gpupdate /force for the setting to be picked up quickly.

When setting Windows to "Require DoH", firefox will not resolve DNS addresses, regardless of which "Enable secure DNS" setting is picked in FireFox security settings tab. I expected at least "Off -- Use your default DNS resolver" to work. If Windows is configured to just "Allow DoH", Firefox has no issues resolving DNS addresses, for any of the Firefox policy settings. For reference, you can find the DoH policy setting in windows group policy editor, here: gpedit.msc Computer Configuration -> Administrative Templates -> Network -> DNS Client -> Configure DNS over HTTPS (Have to enable it, then select Configure DoH options: Require DoH.) you may need to issue a gpupdate /force for the setting to be picked up quickly.

Όλες οι απαντήσεις (2)

more options

Here's a bit more information: ipv4 and ipv6 DNS server addresses are manually configured (say for 1.1.1.1) on the network interface. Microsoft Edge browser works fine at setting "Require DOH". nslookup also works fine at "Require DOH".

more options

I can reproduce the steps above. It seems Firefox's call to getaddrinfo is getting blocked when the policy is set to require DoH. I found that setting the DoH configuration in Settings (Win+I) > Network & Internet > Properties > DNS server > Manual > [Input cloudflare IPs] makes the policy configuration work.

I also found that Chrome also fails to resolve any domains if the policy is set to require DoH without configuring the appropriate server.

I'm not sure why the DNS resolution isn't getting blocked in Edge or nslookup, but not in Firefox or Chrome. I filed https://bugzilla.mozilla.org/show_bug.cgi?id=1857473 to take a look at that, but ultimately I think this configuration is incorrect (require DoH policy without configuring the DoH servers)