Mozilla's new DNS resolution

Corrine · August 06, 2018, 02:01:45 AM

ungleich Blog - Mozilla's new DNS resolution is dangerous

QuoteMozilla withholds that using their Trusted Recursive Resolver would cause a security issue in the first place for users who are indeed in a trustworthy network where they know their resolvers, or use the ISP's default one. Because sharing data or information with any third party, which is Cloudflare in this case, is a security issue itself. Cloudflare publicly commits to a "pro-user privacy policy" and the deletion of all personally identifiable data after 24 hours, but you never know where your data ends up at the end of the day.

QuoteHow to turn TRR off

User rendx nicely described on hackernews how to turn off TRR and we want to share this info with you:

Enter about:config in the address bar
Search for network.trr
Set network.trr.mode = 5 to completely disable it

I suggest you read the article for yourself and make your own decision as to whether you want to use TRR or disable it.

techie · August 06, 2018, 02:48:39 AM

It sounds good in one way, secure DNS. I set my own preferred DNS. It's a server I trust. I don't need a man in the middle since it is resolved at my router level.

Aaron Hulett · August 06, 2018, 06:50:04 AM

Concluding I need to uninstall Firefox.

plodr · August 06, 2018, 02:01:15 PM

Browser choices are diminishing!
I refuse to install Chrome on any Windows computer and I don't like Internet Explorer.

I guess I'll do some reading. FF ESR is my backup browser and I'm not reading to completely remove it.

plodr · August 06, 2018, 02:34:25 PM

Reading the comments in the article, I found what 0 through 5 means.

Quote0 and 5 are variants of off.

If anyone can find out what the difference is between 0 and 5, post a link or explain.

I went in and had a look and my v 61.0.1 was set to network.trr.mode was set to 0.

Pete! · August 06, 2018, 02:41:06 PM

From what I can see, there's no functional difference between the current default "network.trr.mode" and the one suggested in the article:

I'm not going to obsess about it.

https://gist.github.com/bagder/5e29101079e9ac78920ba2fc718aceec

Corrine · August 06, 2018, 02:50:35 PM

Keep in mind, as the article indicated, this is in the nightly builds. That doesn't mean it will be opt-in by default in the released version.

Martin Brinkman's thoughts: Is Mozilla's new DNS feature really dangerous?

Pete! · August 06, 2018, 03:28:10 PM

If nothing else, this topic served to further my education...

Sometimes when a favorite forum or other website changes servers, it takes a while for all the local ISPs to catch up. That might be a good time to set the trr.mode to 1 or 2 for a while.

SpyDie · August 06, 2018, 07:50:28 PM

Quote from: plodr on August 06, 2018, 02:01:15 PM
Browser choices are diminishing!
I refuse to install Chrome on any Windows computer and I don't like Internet Explorer.

I guess I'll do some reading. FF ESR is my backup browser and I'm not reading to completely remove it.

As a, perhaps, side topic, what browsers are people using? I am a huge Chrome advocate but I have been noticing it isn't as fast & slick as it once was. I believe it is becoming slower and I am finding weird bugs on some PCs with Chrome

Corrine · August 06, 2018, 09:52:34 PM

(As if most people here didn't know :) ) I use Pale Moon on the PC for forums, blog, etc. because I can still use the add-ons that I've used for years. There are a few others, but these are favorites:

-- Athena which replaced GSNotes for "canned instructions" long ago
-- BBCodeXtra which works great for formatting links for BBCode as well as HTML
-- Back to Top - click an arrow and your at the top or bottom of the page.
-- F.B. (FluffBusting) Purity which is the only thing that makes Facebook usable.

However, I do use Microsoft Edge on my other PC. I have uBlock Origin and FBPurity set up on it the same as my other PC. Unfortunately, there aren't what I refer to as "production" or "utility" extensions like Athena, BBCodeXtra, Malware Search, etc.

No, I don't like Chrome and have not been happy with direction Mozilla took Firefox a long time ago.

Pete! · August 06, 2018, 09:55:33 PM

Quote from: SpyDie on August 06, 2018, 07:50:28 PM
As a, perhaps, side topic, what browsers are people using? I am a huge Chrome advocate but I have been noticing it isn't as fast & slick as it once was. I believe it is becoming slower and I am finding weird bugs on some PCs with Chrome

I use Firefox. If something doesn't work, I'll try it in Edge.

My wife uses Edge. It's more "touch screen" friendly. Her first computer had Windows 8, so she never acquired the mouse skills that most of us take for granted.

plodr · August 07, 2018, 02:46:04 PM

Pale Moon as my main and FF Quantum (portable) as my backup. Quantum seems faster than Palemoon so I might switch to using FF ESR as main and Palemoon as backup.
FF ESR will be moving up and all the old extensions won't work so I've been testing it to "be prepared".
uBlockOrigin and noscript have new versions so I'm learning how they work. Clear Flash Cookies takes the place of Better Privacy that clears flash LSO cookies. Web Mail AdBlocker has a new version. It enlarges the inbox reading pane on webmail so I don't have the right column blank where the ads go.
The hardest thing to find was a decent cookie manger because the new version doesn't make it easy. I don't want all or nothing. I want selection of cookies to keep. I'm working on figuring out CookieBro.

I also have HTTPS Everywhere but I might no longer need to use that since sites seem to be going to https.

Corrine · August 07, 2018, 02:50:26 PM

Here is Sophos' take on the Mozilla change: Mozilla faces resistance over DNS privacy test – Naked Security.