Comment by TacticalCoder
2 days ago
> And I block common DoH addresses.
You can also force the browser to behave in "corporate" mode, where DNS requests are analyzed by the corporation (you in this case) to determine which domains can and which cannot be accessed by employees (you and your family in this case).
Here for Firefox:
https://support.mozilla.org/en-US/kb/firefox-dns-over-https
"This article describes DNS over HTTPS and how to enable, edit settings, or disable this feature."
Notice the "or disable this feature".
You change the "trr" value (trusted recursive resolver) and DoH is not supposed to happen anymore.
Setting the browser to not use DoH and blocking known DoH servers is great.
What I wonder is if I can then easily configure my DNS resolver (I run unbound) to itself use DoH: I don't have anything against DoH. What I have something against is not being able to blocklist based on domain names.
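As an added example (not part of the comment above, and not the commenter's own config), here is an unbound.conf excerpt that keeps domain-name blocking on the local resolver while encrypting the resolver's own upstream queries; it uses DNS-over-TLS, which unbound supports natively for upstream forwarding, in place of DoH. The blocked names, the CA bundle path and the upstream resolver are assumed placeholders.

```conf
# Added example (not from the thread): unbound.conf excerpt. Paths, blocked
# names and the upstream resolver are illustrative placeholders.
server:
    # Firefox probes this canary domain before enabling DoH by default; an
    # NXDOMAIN answer tells it to keep using the system resolver. It does not
    # override a user who set network.trr.mode explicitly.
    local-zone: "use-application-dns.net." always_nxdomain

    # Domain-based blocklist: the whole zone answers NXDOMAIN, so every
    # subdomain is covered. The names below are placeholders.
    local-zone: "ads.example." always_nxdomain
    local-zone: "telemetry.example." always_nxdomain

    # CA bundle used to validate the upstream TLS certificate; path varies by OS.
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

# Encrypt the resolver's own upstream traffic over DNS-over-TLS (port 853).
# The local-zone entries above are answered before anything is forwarded, so
# blocked names never leave the host.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
```

Run unbound-checkconf on the file before reloading, and confirm with dig that a blocked name returns NXDOMAIN locally while an allowed name still resolves.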
I don't know about GP's motivations in doing the blocking and redirections, but if they're anything like mine, Firefox is not one of them. The main issue is random "IoT" devices, think smart TVs and the like, phoning home for a fresh batch of ads and whatnot.