Monday, June 18, 2018

Firefox DNS-over-HTTPS

TL;DR: Firefox DoH is buggy atm. Hopefully it's usable in Firefox 62, or at least Firefox 61.

I was surprised when I learned that Firefox 60 has a DNS-over-HTTPS feature. It's important for me because it lets me open reddit on my phone, bypassing ISP restrictions, so I tried it out. Unfortunately, it doesn't work very well.

First, I tried this combination using the Cloudflare DNS resolver:
  • network.trr.bootstrapAddress = 1.0.0.1 (for some reason 1.1.1.1 is not working for me)
  • network.trr.mode = 3
  • network.trr.uri = https://mozilla.cloudflare-dns.com/dns-query
  • network.trr.useGET = true
I'm pretty sure I set it up correctly, but the result is that it fails to resolve any address, so I fired up HTTP Logging in about:networking, only to find out that the TRR is failing unexpectedly because the Cloudflare DNS-over-HTTPS resolver sends "Content-Type: application/dns-message" while Firefox expects the content type to be exactly "application/dns-udpwireformat", so the check fails.
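To make that mismatch concrete, here is an added example (not code from the post or from Firefox's TRR implementation) that builds the RFC 8484 GET form of a DoH query for the Cloudflare URI above and contrasts an exact-match Content-Type check, like the one the post describes, with a lenient check that also accepts application/dns-message. The function names, the sample headers and the query builder are my own constructions.

```python
import base64
import struct

# The resolver URI is the one from the post; everything else here is constructed.
TRR_URI = "https://mozilla.cloudflare-dns.com/dns-query"

# RFC 8484 standardised "application/dns-message"; "application/dns-udpwireformat"
# is the older draft name that the post says Firefox 60 compared against.
RFC8484_TYPE = "application/dns-message"
DRAFT_TYPE = "application/dns-udpwireformat"


def build_query(name, qtype=1):
    """Minimal DNS wire-format query: ID 0 (RFC 8484 suggests it so GET
    responses cache well), RD flag set, one question of the given type, class IN."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def doh_get_url(name, uri=TRR_URI):
    """GET form of the request: ?dns=<base64url of the wire message, no padding>."""
    dns = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode("ascii")
    return f"{uri}?dns={dns}"


def strict_check(content_type):
    """Exact string match against the draft name: rejects Cloudflare's header."""
    return content_type == DRAFT_TYPE


def lenient_check(content_type):
    """Accept the RFC name or the draft alias, ignoring case and any parameters."""
    media = content_type.split(";", 1)[0].strip().lower()
    return media in {RFC8484_TYPE, DRAFT_TYPE}


if __name__ == "__main__":
    print(doh_get_url("example.com"))
    for header in ("application/dns-message", "application/dns-udpwireformat"):
        print(header, "strict:", strict_check(header), "lenient:", lenient_check(header))
```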

I messed around with cURL, only to find out that Cloudflare DNS always sends the content type header as "application/dns-message". So I tried the Google DNS-over-HTTPS resolver:
  • network.trr.bootstrapAddress = 172.217.21.142
  • network.trr.uri = https://dns.google.com/experimental
  • (the rest of the options are the same as above)
I also have to restart Firefox because somehow the TRR does not get reset, and then I found out that TRR mode 3 is buggy too after Firefox is restarted, so I have to set network.trr.mode=2 first. I also needed to increase the resolver timeout (network.trr.request-timeout) from 3000 to 10000 because my internet sucks. I tried to resolve example.com and TRR started to kick in. Time for reddit.com, and TRR is now online.

I tried the same configuration on my phone, and yeah, finally TRR kicks in there too. I successfully opened reddit with Firefox, without that crazy, root-only DNSCrypt. Note that there's no WiFi here, so I can't just change the DNS without rooting my phone.

Unfortunately, once Firefox is restarted, the TRR stops working again. I still don't know why this happens. I have to set network.trr.mode=2 first, then try to open something, then set network.trr.mode=3 back, and then it works again.

Hopefully, if you're reading this and you're a Firefox developer, you'll implement a proper fix. I'm so excited for this feature to arrive!
