Author Topic: Mozilla's new DNS resolution  (Read 1041 times)

0 Members and 1 Guest are viewing this topic.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19507
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Mozilla's new DNS resolution
« on: August 06, 2018, 01:01:45 AM »
ungleich Blog - Mozilla's new DNS resolution is dangerous

Quote
Mozilla withholds that using their Trusted Recursive Resolver would cause a security issue in the first place for users who are indeed in a trustworthy network where they know their resolvers, or use the ISP’s default one. Because sharing data or information with any third party, which is Cloudflare in this case, is a security issue itself.  Cloudflare publicly commits to a "pro-user privacy policy" and the deletion of all personally identifiable data after 24 hours, but you never know where your data ends up at the end of the day.

Quote
How to turn TRR off

User rendx nicely described on hackernews how to turn off TRR and we want to share this info with you:

    Enter about:config in the address bar
    Search for network.trr
    Set network.trr.mode = 5 to completely disable it

I suggest you read the article for yourself and make your own decision as to whether you want to use TRR or disable it.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline techie

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 599
    • View Profile
Re: Mozilla's new DNS resolution
« Reply #1 on: August 06, 2018, 01:48:39 AM »
It sounds good in one way, secure DNS. I set my own preferred DNS. It's a server I trust. I don't need a man in the middle since it is resolved at my router level.

Offline Aaron Hulett

  • Administrator
  • Hero Member
  • *****
  • Posts: 1394
  • Schrödinger's cat walks into a bar... and doesn't.
    • View Profile
    • My Site
Re: Mozilla's new DNS resolution
« Reply #2 on: August 06, 2018, 05:50:04 AM »
Concluding I need to uninstall Firefox.

Offline plodr

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 1108
    • View Profile
Re: Mozilla's new DNS resolution
« Reply #3 on: August 06, 2018, 01:01:15 PM »
Browser choices are diminishing!
I refuse to install Chrome on any Windows computer and I don't like Internet Explorer.

I guess I'll do some reading. FF ESR is my backup browser and I'm not reading to completely remove it.

Offline plodr

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 1108
    • View Profile
Re: Mozilla's new DNS resolution
« Reply #4 on: August 06, 2018, 01:34:25 PM »
Reading the comments in the article, I found what 0 through 5 means.
Quote
0 and 5 are variants of off.
If anyone can find out what the difference is between 0 and 5, post a link or explain.

I went in and had a look and my v 61.0.1 was set to network.trr.mode was set to 0.

Offline Pete!

  • Hero Member
  • *****
  • Posts: 5188
    • View Profile
Re: Mozilla's new DNS resolution
« Reply #5 on: August 06, 2018, 01:41:06 PM »
From what I can see, there's no functional difference between the current default "network.trr.mode" and the one suggested in the article:
    trr.mode = 0 (Off by default)
    trr.mode = 5 (Off by choice)
I'm not going to obsess about it.

https://gist.github.com/bagder/5e29101079e9ac78920ba2fc718aceec

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19507
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Mozilla's new DNS resolution
« Reply #6 on: August 06, 2018, 01:50:35 PM »
Keep in mind, as the article indicated, this is in the nightly builds.  That doesn't mean it will be opt-in by default in the released version. 

Martin Brinkman's thoughts:  Is Mozilla's new DNS feature really dangerous?


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Pete!

  • Hero Member
  • *****
  • Posts: 5188
    • View Profile
Re: Mozilla's new DNS resolution
« Reply #7 on: August 06, 2018, 02:28:10 PM »
If nothing else, this topic served to further my education...

Sometimes when a favorite forum or other website changes servers, it takes a while for all the local ISPs to catch up. That might be a good time to set the trr.mode to 1 or 2 for a while.

Offline SpyDie

  • The Spyware Cooker
  • Administrator
  • Hero Member
  • *****
  • Posts: 2188
    • View Profile
    • The LandzDown Forum
Re: Mozilla's new DNS resolution
« Reply #8 on: August 06, 2018, 06:50:28 PM »
Browser choices are diminishing!
I refuse to install Chrome on any Windows computer and I don't like Internet Explorer.

I guess I'll do some reading. FF ESR is my backup browser and I'm not reading to completely remove it.

As a, perhaps, side topic, what browsers are people using? I am a huge Chrome advocate but I have been noticing it isn't as fast & slick as it once was. I believe it is becoming slower and I am finding weird bugs on some PCs with Chrome
Beta. Software undergoes beta testing shortly before it's released. Beta is Latin for 'still doesn't work.'

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19507
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Mozilla's new DNS resolution
« Reply #9 on: August 06, 2018, 08:52:34 PM »
(As if most people here didn't know :) ) I use Pale Moon on the PC for forums, blog, etc. because I can still use the add-ons that I've used for years.  There are a few others, but these are favorites:

-- Athena which replaced GSNotes for "canned instructions" long ago
-- BBCodeXtra which works great for formatting links for BBCode as well as HTML
-- Back to Top - click an arrow and your at the top or bottom of the page. 
-- F.B. (FluffBusting) Purity which is the only thing that makes Facebook usable.

However, I do use Microsoft Edge on my other PC.  I have uBlock Origin and FBPurity set up on it the same as my other PC.  Unfortunately, there aren't what I refer to as "production" or "utility" extensions like Athena, BBCodeXtra, Malware Search, etc.

No, I don't like Chrome and have not been happy with direction Mozilla took Firefox a long time ago.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Pete!

  • Hero Member
  • *****
  • Posts: 5188
    • View Profile
Re: Mozilla's new DNS resolution
« Reply #10 on: August 06, 2018, 08:55:33 PM »
As a, perhaps, side topic, what browsers are people using? I am a huge Chrome advocate but I have been noticing it isn't as fast & slick as it once was. I believe it is becoming slower and I am finding weird bugs on some PCs with Chrome
I use Firefox. If something doesn't work, I'll try it in Edge.

My wife uses Edge. It's more "touch screen" friendly. Her first computer had Windows 8, so she never acquired the mouse skills that most of us take for granted.

Offline plodr

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 1108
    • View Profile
Re: Mozilla's new DNS resolution
« Reply #11 on: August 07, 2018, 01:46:04 PM »
Pale Moon as my main and FF Quantum (portable) as my backup. Quantum seems faster than Palemoon so I might switch to using FF ESR as main and Palemoon as backup.
FF ESR will be moving up and all the old extensions won't work so I've been testing it to "be prepared".
uBlockOrigin and noscript have new versions so I'm learning how they work. Clear Flash Cookies takes the place of Better Privacy that clears flash LSO cookies. Web Mail AdBlocker has a new version. It enlarges the inbox reading pane on webmail so I don't have the right column blank where the ads go.
The hardest thing to find was a decent cookie manger because the new version doesn't make it easy. I don't want all or nothing. I want selection of cookies to keep. I'm working on figuring out CookieBro.

I also have HTTPS Everywhere but I might no longer need to use that since sites seem to be going to https.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19507
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Mozilla's new DNS resolution
« Reply #12 on: August 07, 2018, 01:50:26 PM »
Here is Sophos' take on the Mozilla change:  Mozilla faces resistance over DNS privacy test – Naked Security.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.