Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Шукати в статтях підтримки

Остерігайтеся нападів зловмисників. Mozilla ніколи не просить вас зателефонувати, надіслати номер телефону у повідомленні або поділитися з кимось особистими даними. Будь ласка, повідомте про підозрілі дії за допомогою меню “Повідомити про зловживання”

Докладніше

Ця тема перенесена в архів. Якщо вам потрібна допомога, запитайте.

Firefox on macOS not using default DNS resolver with DoH disabled

  • 4 відповіді
  • 0 мають цю проблему
  • 1 перегляд
  • Остання відповідь від ben184

more options

Firefox does not appear to be using my Mac's default DNS resolver when DNS over HTTPS is disabled. Here is my setup:

- I'm using Firefox 124.0.2 on macOS Sonoma 14.4.1. - DNS over HTTPS is set to Off in Firefox. - My Mac is configured to use a DNS server that blocks some domains, such as facebook.com. I have confirmed that this is working correctly by using the dig tool on the commandline: "dig facebook.com" receives a "status: REFUSED" response with an empty A record. - When I navigate to facebook.com or other domains that should be blocked in Firefox, they are resolved. My expectation is that they should fail to load and a DNS error should be displayed.

What I've tried:

- Confirmed via GUI and about:config that DNS over HTTPS is completely disabled in Firefox. - Cleared Firefox DNS cache via about:networking. - Confirmed every way I know how that macOS is configured to use my custom DNS resolver and that the resolver is refusing queries for the specific domains I expect to be blocked.

I'd be grateful for any suggestions anyone can provide.

Firefox does not appear to be using my Mac's default DNS resolver when DNS over HTTPS is disabled. Here is my setup: - I'm using Firefox 124.0.2 on macOS Sonoma 14.4.1. - DNS over HTTPS is set to Off in Firefox. - My Mac is configured to use a DNS server that blocks some domains, such as facebook.com. I have confirmed that this is working correctly by using the dig tool on the commandline: "dig facebook.com" receives a "status: REFUSED" response with an empty A record. - When I navigate to facebook.com or other domains that should be blocked in Firefox, they are resolved. My expectation is that they should fail to load and a DNS error should be displayed. What I've tried: - Confirmed via GUI and about:config that DNS over HTTPS is completely disabled in Firefox. - Cleared Firefox DNS cache via about:networking. - Confirmed every way I know how that macOS is configured to use my custom DNS resolver and that the resolver is refusing queries for the specific domains I expect to be blocked. I'd be grateful for any suggestions anyone can provide.

Обране рішення

Thanks for your response, jscher2000. I actually had the exact same train of thought and tried the HTTP logging feature. However, it turns out that this is not a Firefox problem, but rather a misunderstanding on my part regarding Apple's iCloud Private Relay Feature. Firefox works as expected if I disable iCloud Private Relay and clear my machine's DNS cache.

I had mistakenly believed that iCloud Private Relay would only be used for DNS in Safari and other Apple-developed, Private-Relay-enabled apps. Thus, my assumption was that if I kept Private Relay enabled, cleared the machine's DNS cache, and then immediately requested a site in Firefox, my configured DNS server would be used. However, it appears that the Private Relay DNS system is still used to perform the DNS lookup in that scenario.

Читати цю відповідь у контексті 👍 0

Усі відповіді (4)

more options

ben184 said

macOS is configured to use my custom DNS resolver

Support for platform-specific DNS APIs is currently being worked on in Nightly (Bug 1852752). The setting for this is network.dns.native_https_query in about:config.

more options

Thank you for your response. If I'm understanding that Bugzilla ticket that Bugzilla ticket correctly, it specifically relates to the task of resolving the "HTTPS" resource record type (as opposed to the "A" type, "AAAA" type, and so forth) without DoH. That seems like a different problem from what I'm experiencing.

My problem is that Firefox is not using my network connection's configured DNS server for basic A record resolution. Firefox does work as expected on a Windows machine on the same network.

Змінено ben184

more options

Hmm, I'm trying to figure out whether Firefox shows which DNS server it is using when it is NOT using DNS over HTTPS. (I'm not seeing it on about:networking#dns or about:networking#dnslookuptool. I don't see it in the log created according to https://developer.mozilla.org/docs/Mozilla/Debugging/HTTP_logging.)

I assume your Firefox is not using a proxy server or VPN, which might bypass system resolution.

more options

Вибране рішення

Thanks for your response, jscher2000. I actually had the exact same train of thought and tried the HTTP logging feature. However, it turns out that this is not a Firefox problem, but rather a misunderstanding on my part regarding Apple's iCloud Private Relay Feature. Firefox works as expected if I disable iCloud Private Relay and clear my machine's DNS cache.

I had mistakenly believed that iCloud Private Relay would only be used for DNS in Safari and other Apple-developed, Private-Relay-enabled apps. Thus, my assumption was that if I kept Private Relay enabled, cleared the machine's DNS cache, and then immediately requested a site in Firefox, my configured DNS server would be used. However, it appears that the Private Relay DNS system is still used to perform the DNS lookup in that scenario.