
Firefox on OpenBSD disables DoH by default

via: 博客园     time: 2019/9/15 17:08:40

Mozilla had announced that DNS over HTTPS (DoH) would be launched by the end of this month, and that Firefox would default to DoH instead of traditional DNS. But OpenBSD recently decided to disable DoH by default in the Firefox shipped with its distribution.


Compared with traditional DNS, issuing DNS requests over HTTPS in cooperation with cloud service providers has little impact on the performance of uncached DNS queries. Most queries are only about 6 milliseconds slower, which Mozilla considers an acceptable cost when balanced against security and the protection of private data. In some cases DoH can even be hundreds of milliseconds faster than traditional DNS.

This may be a good improvement for the average user, but all of a user's name-resolution traffic then has to pass through a third-party cloud vendor, which may bring privacy and data security issues of its own. The OpenBSD project considered this inappropriate, so it changed Firefox's DoH-by-default behaviour:

DoH is disabled by default. Although encrypting DNS may be a good thing, by default, sending all DNS traffic to Cloudflare is not a good idea. Applications should follow OS configuration settings. DoH settings can still be overwritten if necessary.

In addition, OpenBSD currently has no software package for running your own DoH server. OpenBSD 6.6 is expected to include a PowerDNS dnsdist 1.4.0 package that supports DoT (DNS over TLS) and DoH. For now, using your own DoH server requires some configuration changes in Firefox.

https://wiki.mozilla.org/Trusted_Recursive_Resolve
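The check below is an added example, not code from the article, OpenBSD or Mozilla: it reads the text of a Firefox profile's prefs.js or user.js and reports whether DoH overrides the OS resolver, and through which host. The preference names network.trr.mode and network.trr.uri are Firefox's own; the host doh.example.net, the function names and the sample profiles are constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# network.trr.mode values, per the Trusted Recursive Resolver wiki page.
TRR_MODES = {0: "off (default)", 2: "DoH first, OS resolver as fallback",
             3: "DoH only", 5: "off by explicit choice"}
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Constructed sample profiles (not taken from a real system).
SAMPLE_DOH_OFF = 'user_pref("network.trr.mode", 5);\n'
SAMPLE_SELF_HOSTED = (
    '// hypothetical self-hosted resolver, e.g. dnsdist\n'
    'user_pref("network.trr.mode", 3);\n'
    'user_pref("network.trr.uri", "https://doh.example.net/dns-query");\n'
)


def parse_prefs(text):
    """Return {name: value} for each user_pref() line of a prefs.js/user.js."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comment or blank line
        name, raw = m.groups()
        try:
            prefs[name] = json.loads(raw)  # string, integer or true/false
        except ValueError:
            prefs[name] = raw  # keep anything unparsable as raw text
    return prefs


def audit_doh(text, allowed_hosts=()):
    """Report whether a profile bypasses the OS resolver, and via which host."""
    prefs = parse_prefs(text)
    mode = prefs.get("network.trr.mode", 0)
    # An unset URI means the browser's built-in resolver, so host stays "".
    host = urlsplit(str(prefs.get("network.trr.uri", ""))).hostname or ""
    doh_active = mode in (2, 3)
    return {
        "mode": mode,
        "meaning": TRR_MODES.get(mode, "reserved/other"),
        "resolver_host": host,
        "doh_active": doh_active,
        # DoH to any host the administrator has not approved is flagged.
        "third_party": doh_active and host not in allowed_hosts,
    }
```

Passing the self-hosted resolver's name in allowed_hosts separates an approved DoH setup from one that sends queries to an unapproved provider.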
