So what I take from Mozilla's document on disabling DoH in #Firefox (support.mozilla.org/en-US/kb/c) is that I add "use-application-dns.net" to the blacklist in Pi-hole?

Now it would be nice if that was a standard for all software that thinks DoH is a good idea, but I guess that's improbable...

(Also why would any network that does DNS interception pass that canary domain? Making it so easy for providers to disable DoH kinda defeats the stated intent of protecting users of malicious networks...)

@galaxis I see the canary only as a temporary solution to be able to deploy DoH quickly. DoH in this setup already helps with a lot of "free" Wi-Fi hotspots that gather data from the users but will not be updated for a long time.

Firefox could display an indication when the canary is found, making it visible to the user that the network operates under "policy".

As for making the canary a standard: come join the IETF and make it happen.

@galaxis

Just found, there is already an Internet Draft at the IETF that might become an RFC:

tools.ietf.org/html/draft-grov

Everyone in favor or against this idea of having a canary domain could come to the IETF and help with finding consensus.

Joining the IETF is free for everyone, with remote participation via mailing list, Jabber (XMPP) and live streaming sessions.