Confirmed users
89
edits
Security/DNS Over HTTPS/Heuristics: Difference between revisions
Security/DNS Over HTTPS/Heuristics (view source)
Revision as of 11:49, 24 October 2023
, 24 October 2023Update links and mention VPN and proxy heuristics
(add links for third-party roots section) |
(Update links and mention VPN and proxy heuristics) |
||
| Line 3: | Line 3: | ||
'''High-level overview:''' https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https | '''High-level overview:''' https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https | ||
'''Implementation:''' https://searchfox.org/mozilla-central/source/browser/components/doh/DoHHeuristics. | '''Implementation:''' https://searchfox.org/mozilla-central/source/browser/components/doh/DoHHeuristics.sys.mjs<br /> | ||
[https://searchfox.org/mozilla-central/source/browser/components/doh/DoHController. | [https://searchfox.org/mozilla-central/source/browser/components/doh/DoHController.sys.mjs DoHController.jsm] is responsible for running them at startup and upon network changes, and taking action to disable or enable DoH based on the outcome. | ||
== Global Canary == | == Global Canary == | ||
| Line 48: | Line 48: | ||
Currently, ZScaler has not yet adopted the global canary, and is supported by a separate canary lookup heuristic that operates on `sitereview.zscaler.com`. | Currently, ZScaler has not yet adopted the global canary, and is supported by a separate canary lookup heuristic that operates on `sitereview.zscaler.com`. | ||
== VPN or Proxy == | |||
If a VPN, proxy or [https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn593632(v=ws.11) NRPT] is detected on Windows, then Firefox will not automatically use DNS over HTTPS. | |||