How do I make firefox use the same local DNS resolver as anything else?

asked 2018-09-04 08:03:13 -0500

genodeftest

I am running a local DNS resolver¹. In GNOME control center, I've set it as default DNS resolver. Many applications are respecting this configuration, including ping, wget, dnf and the whole GNOME stack including Epiphany. I know that because I increased log level in unbound and can find the host names I accessed in my logs.

DNS requests through firefox however are not being served by unbound, they are running somewhere else and not showing up in my logs. Why is that? How can I make firefox respect my DNS server settings?

PS: I already made sure that firefox is not using DNS-over-HTTPS by checking that network.trr.mode is 0 (I also tried setting it to 5, which means "DoH disabled by user").

¹ I am using unbound because it does caching and sign+encrypt through DNS over TLS.
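A way to automate the check described above (whether a browser's lookups show up in unbound's log) together with the network.trr.mode check, as an added example that is not part of the original question. It assumes unbound runs with log-queries: yes or verbosity: 2, and the log lines and prefs.js fragment below are constructed samples, not captured from the poster's machine.

```python
import re

# Constructed sample of unbound log lines (log-queries: yes / verbosity: 2).
UNBOUND_LOG = """\
Sep  4 08:01:02 host unbound[1234:0] info: 127.0.0.1 fedoraproject.org. A IN
Sep  4 08:01:02 host unbound[1234:0] info: resolving fedoraproject.org. A IN
Sep  4 08:01:05 host unbound[1234:0] info: 127.0.0.1 mirrors.fedoraproject.org. AAAA IN
Sep  4 08:01:09 host unbound[1234:0] info: 127.0.0.1 ask.fedoraproject.org. A IN
"""

# Constructed Firefox prefs.js fragment containing the pref discussed in the post.
PREFS_JS = """\
user_pref("network.trr.mode", 0);
user_pref("network.dns.disableIPv6", false);
"""

# With log-queries unbound logs "<client> <name>. <type> <class>";
# at verbosity 2 it logs "resolving <name>. <type> <class>".
QUERY_RE = re.compile(r"info: (?:resolving |\S+ )(\S+)\. [A-Z0-9]+ IN$")


def queried_names(log_text):
    """Return the set of hostnames unbound logged as queried (trailing dot removed)."""
    names = set()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            names.add(m.group(1).lower())
    return names


def trr_mode(prefs_text):
    """Return network.trr.mode from a prefs.js/user.js fragment, or None if not set."""
    m = re.search(r'user_pref\("network\.trr\.mode",\s*(\d+)\);', prefs_text)
    return int(m.group(1)) if m else None


def check_resolver_path(expected_hosts, log_text, prefs_text):
    """Report which expected hostnames never reached unbound, and whether DoH is off.

    Returns (missing_hosts, doh_disabled). A hostname you visited in Firefox that
    is missing from unbound's log means the lookup was answered elsewhere.
    """
    seen = queried_names(log_text)
    missing = sorted(h.lower() for h in expected_hosts if h.lower() not in seen)
    mode = trr_mode(prefs_text)
    doh_disabled = mode in (0, 5)  # 0 = TRR off, 5 = TRR disabled by user choice
    return missing, doh_disabled
```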

Not familiar with Firefox, so just an idea, maybe there is something like DNS cache that Firefox maintains. Can you flush it?

Talking about DNS and DNS privacy, I'd like to throw in this link:

florian ( 2018-09-04 09:47:28 -0500 )

The URL is about DNS-over-HTTPS which I made sure is disabled.

Thanks, @florian, but I can also say for sure that Firefox cannot cache the DNS entries because when starting a new instance which has not been started for days (or weeks), the issue persists. Nightly is also affected. EDIT: Maybe you're right, after rebooting the computer, firefox does respect DNS resolver settings.

genodeftest ( 2018-09-04 11:20:02 -0500 )

@genodeftest: would you mind sharing brief instructions on how to set up unbound as a local DNS service?

florian ( 2018-09-04 20:44:14 -0500 )

A little bit off-topic, but in regards to the privacy that Mozilla is promoting, I'd also like to throw in this link:

florian ( 2018-09-06 13:19:53 -0500 )

@florian: That's also about the trusted recursive resolver (TRR) using DNS-over-HTTPS with centralised infrastructure. Not what I am interested in. I have seen this covered on many FOSS/IT security blogs already. And yes, centralised infrastructure is prone to break due to criminal (including state) hacker attacks and other failure.

genodeftest ( 2018-09-07 01:46:32 -0500 )