Confirmed users
89
edits
Trusted Recursive Resolver: Difference between revisions
Jump to navigation
Jump to search
Add DoH rollout section
(Update to match default of blacklist-duration) |
(Add DoH rollout section) |
||
| Line 5: | Line 5: | ||
For more information, we've created [https://support.mozilla.org/en-US/kb/firefox-dns-over-https documentation about DoH and our plans for deployment]. We also have an [https://support.mozilla.org/en-US/kb/dns-over-https-doh-faqs FAQ], and instructions for [https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https network operators who wish to disable DoH on their networks]. | For more information, we've created [https://support.mozilla.org/en-US/kb/firefox-dns-over-https documentation about DoH and our plans for deployment]. We also have an [https://support.mozilla.org/en-US/kb/dns-over-https-doh-faqs FAQ], and instructions for [https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https network operators who wish to disable DoH on their networks]. | ||
== DNS-over-HTTP Rollout == | |||
Enabling DoH on users' computers is done using a separate module called 'doh-rollout' | |||
This code is only enabled in specific regions of the world (currently only USA). | |||
Before DoH is enabled we perform certain heuristics to determine if this poses any risk to the user experience: | |||
* We check safe-search is enabled | |||
* We check the zscaler canary | |||
* We check the `use-application-dns.net` canary | |||
* We check if `security.enterprise_roots.enabled` pref is set | |||
* We check if any third party root certificates are installed | |||
* We check if any enterprise policies are set | |||
* We check if parental controls are enabled | |||
* We check if the user has made any changes to DoH/TRR settings | |||
If none of these heuristics is triggered then we proceed to enable the feature. | |||
== DNS-over-HTTPS Prefs in Firefox == | == DNS-over-HTTPS Prefs in Firefox == | ||