Trusted Recursive Resolver: Difference between revisions

Trusted Recursive Resolver (view source)

707 bytes removed , 16 July 2020

link to DNS over HTTPS article

63

edits

@@ Line 6: / Line 6: @@
 For more information, we've created [https://support.mozilla.org/en-US/kb/firefox-dns-over-https documentation about DoH and our plans for deployment]. We also have an [https://support.mozilla.org/en-US/kb/dns-over-https-doh-faqs FAQ], and instructions for [https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https network operators who wish to disable DoH on their networks].
-== DNS-over-HTTP Rollout ==
+== DNS-over-HTTPS Rollout ==
-Enabling DoH on users' computers is done using a separate module called 'doh-rollout'
+Main article: [[Security/DNS Over HTTPS]]
-This code is only enabled in specific regions of the world (currently only USA).
-Before DoH is enabled we perform certain heuristics to determine if this poses any risk to the user experience:
-* We check safe-search is enabled
-* We check the zscaler canary
-* We check the `use-application-dns.net` canary
-* We check if `security.enterprise_roots.enabled` pref is set
-* We check if any third party root certificates are installed
-* We check if any enterprise policies are set
-* We check if parental controls are enabled
-* We check if the user has made any changes to DoH/TRR settings
-If none of these heuristics is triggered then we proceed to enable the feature.
 == DNS-over-HTTPS Prefs in Firefox ==