Mozilla Firefox

Discussion in 'other software & services' started by Hadron, Aug 27, 2016.

  1. lolnothankyou

    lolnothankyou Registered Member

    Joined:
    Jul 29, 2018
    Posts:
    59
    Location:
    DisableLocation
    I use my ISP's DNS.
     
  2. kronckew

    kronckew Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    342
    Location:
    CSA Consulate, Glos., UK
    I use my own caching server service. Acrylic, It's easy to set up. Used Maradns' Deadwood core before that until he stopped updating it as much as before. There is an August 2018 version I will have to try.

    Point is, you still need to get the IP addresses for the corresponding url's in your request from an authoritative ICANN root server. and it requires them to send the info to you somehow.
    you gotta trust somebody in the routing chain of request to get your reply. I use acrylic to use cloudflare'sdns server, I welcome any info that their statement on security are lies. Sometimes you CAN set a thief to catch a thief...
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,747
    Location:
    Slovenia
    I have exactly the same feeling :) I'm a little bothered by sharing that data with 3rd party but at the same time not willing to set up something similar myself. :)
     
  4. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,048
    Location:
    USA
    Exactly. I understand why some folks dislike certain providers, but I wonder who they do feel they can trust?
     
  5. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,463
    "server" is wrong - its a resolver with cache like windows dns service.

    if you speak about "server" you need to hold a copy of ALL entries like google dns or cf dns - thats not possible because you are a not part of this trusted group. so at least you only resolve addresses and keep its entries you had used.
     
  6. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,202
    Location:
    Member state of European Union
    This is not how DNS works. CF and Google don't hold a copy of all DNS entries. Nobody holds all entries. This system is distributed. They only cache queried domains for some time to speed things up, but after some time they query authoritative DNS servers like all other recursive DNS providers.
     
  7. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,202
    Location:
    Member state of European Union
    You have setup your own caching DNS stub server, but some people setup their own recursive (which can usually also cache) DNS server.
     
  8. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    34,596
    Mozilla announces Firefox will block trackers by default
    August 30, 2018
    https://venturebeat.com/2018/08/30/mozilla-announces-firefox-will-block-trackers-by-default/
     
  9. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I tend to think of Mrkvonic like a clown. When he's not trying to make you laugh with stupidity he's busy promoting something (hes websites/articles). Sometimes I wish Wilders would have a "post of the year" because that clearly was.

    Also the earth is flat.

    10/10
     
  10. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,865
    Yes, this is what I've done. More details here.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,122
    Location:
    The Netherlands
    I think this DoH idea sounds cool, but you do rise an interesting point.
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,837
    I second lolnothank you. There are many problems with this idea.
    Like if your browser is hijacked, then your dns queries are also compromised at the same time.
    Or if you use a different browser, you get different dns results (your isp versus cloud provider).
    And then there's latency. And privacy implications. And more.
    Mrk
     
  13. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Can you please actually learn how things work before posting false assertions and confusing future readers, thanks!
     
  14. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,837
    Be specific. Where does it say in the internet model (however many stacks) that an application should act as a dns server?
    I know how things work, and this is why I find 99% of all technology fads and buzzwords and ideas to be nothing but gimmicks.
    Mrk
     
  15. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,202
    Location:
    Member state of European Union
    Firefox acts as DNS client with cache.

    When it comes to privacy: do you really trust your ISP at home? Or maybe somebody is sometimes in shopping mall with laptop or train using publicly open WiFi? Does this user should trust ISP at train?
     
  16. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,865
    Well said. Nevertheless I hope that this feature - once it arrives in FF stable - will not be opt-out but rather opt-in.
     
  17. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,463
    firefox has its own dns cache since a decade!
    http://forums.mozillazine.org/viewtopic.php?f=38&t=510305
    https://ccm.net/faq/555-disabling-the-dns-cache-in-mozilla-firefox

    not sure, what you talk about, but if you meant Doh this is available since v60 but has no dialog to fill out, that is coming up with v63.
    there exist no problem as long you can change the resolver with easy in your router or operating system. until DoH firefox is filling his cache this way, with DoH you have an alternative.

    source for this assumption?
    there exist only a master which is heavy protected, and this master distributes its informations to cf/g or any. those are real dns server because they dont need to cache any.

    https://en.wikipedia.org/wiki/Domain_Name_System
     
  18. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,202
    Location:
    Member state of European Union
    It is not assumption. It is knowledge. There is no one master server that holds all entries. There are tens of thousands authoritative DNS servers (or more). Google/Cloudflare/Your ISP connect only to these authoritative DNS servers that are required to resolve desired domain to IP.
     
  19. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,463
    i think you did not read any of my links, in special not wikipedia which explains the opposite of your assumption.
     
  20. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,202
    Location:
    Member state of European Union
    I read Wikipedia article (parts of it) and I generally agree with that. I just think you don't understand it correctly. There is no DNS server in whole DNS that stores all entries. Each authoritative DNS server has only small part of data. Actually I am preparing to configure and maintain one authoritative DNS server for my own domain.
     
  21. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,837
    To answer the questions on trust - yes, I trust my isp.
    Do I trust isp on the train - as long as there are no invalid certificates, yes.

    Do I trust my browser (which is a commercial entity) to forward queries to yer another commercial entity? Perhaps, but I don't want to.

    DNS is DNS. Web is Web. Those two are unrelated. For that matter, you can encapsulate anything and send it over http/https. That's not the point.

    Mrk
     
  22. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,048
    Location:
    USA
    Talking about open wifi complicates the question IMHO. It's best to enable a VPN when using open wifi, and then everything is encrypted not just DNS requests.

    As for who to trust I think you have to define expectations. People regularly have this conversation when discussing VPNs, ie what do they share, do they keep logs, etc, etc. It seems to me we mostly have to rely on the published privacy policies of providers. It makes sense to try to minimize exposure, but for those who want to be anonymous on the internet, well, good luck with that ;)
     
  23. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Since when is Firefox a commercial entity?

    Since when is your ISP NOT a commercial entity?

    Lol. ISPs that don't implement DNS censorship are few and far between. Any remaining won't be for long.
     
  24. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,202
    Location:
    Member state of European Union
    When it comes to Cloudflare DNS its practices are going to be audited external company, so somebody will check whether their practices and privacy policy matches.
     
  25. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    745
    When I think of DNS, I like to prioritize it like this:

    1. I trust root DNS servers (but only because I have to!)
    2. I trust my own encrypted DNS server(s) that run on some VPS(es) somwhere around the world.
    3. I trust (for now) Quad9 and Cloudflare.
    4. I will never, ever, trust Google DNS, OpenDNS or especially my own ISP DNS!

    Of course, if one had up-to-date, realtime domain-to-IP mapped records for whole internet, one would not need the DNS at all and this whole trust issue would be solved.
    Like a giant hosts file that people used in the old days before DNS, and now use mostly for adblocking.
    But there is no such place or app to my knowledge (except my own, experimental app but it's nowhere near ready and still unsolved issues...)
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.