Firefox will encrypt web domain name requests by default https://www.engadget.com/2019/09/07/firefox-dns-over-https-by-default/
@Wetrix this actually may not be a good thing... If the browser sends DNS requests over HTTPS then this might interfere with adblocking. If you're running an ad blocker on your phone, for example, or on your router and it cannot see DNS requests, then it cannot block ads. You'd ideally want your phone or router to update DNS over HTTPS and act as a local DNS server for you, that way you get both adblocking and secure DNS requests.
@mister_monster
This is achievable on a Raspberry Pi, if you set it to perform DNS filtering before sending the request to the upstream resolver.
@Wetrix
@mister_monster
How does Firefox serve DNS requests to the DNS resolver with DoH? When is decryption done?
@Wetrix
@nikolal @Wetrix at the browser and the DNS server, just like HTTPS. So to block ads you'd have to middleman your own connection basically. I like DNS over HTTPS or TLS but I would turn it off in the browser and run my own DNS server on my network or locally on the machine that updates its registry over HTTPS, that way that server can block ads and trackers network or device wide.
@mister_monster
That's what I did with a Raspberry Pi and Pi-hole, but never set up DoH. I have set up dnscrypt though for DNSSEC, but very few domains use it, which is very sad.
@Wetrix
@nikolal @Wetrix yeah I have a similar setup but with my router instead of a Raspberry Pi, and of course devices that leave the house have DoH and a DNS adblocker on the device. Also a WireGuard VPN into my home network for public WiFi, there's friction with DNS leaks there too so I have to have a static IP. DoH is great, I just started using it.
@Wetrix @nikolal it's pretty simple without all the words lol. Basically when you go to whatever.com, your browser sends a request to a DNS server unencrypted asking for the IP to whatever.com. Adblockers block ads by watching these and blocking the ones to known ad and tracker URLs. Well, DoH encrypts those, so your adblocker won't be able to see them. If it can't see them it can't block ads this way. Running your own DNS server at home solves the problem and still gets you privacy from your ISP.
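
The arrangement discussed in this thread, filtering names on a local resolver and only then sending allowed queries upstream over DoH, as an added example that is not part of any post above. The blocklist entries, the resolver URL `https://doh.example/dns-query`, the sinkhole answer and the function names are assumptions; the query encoding follows RFC 1035 and the GET form follows RFC 8484.

```python
import base64
import struct

# Constructed sample blocklist (hypothetical entries, not taken from a real list).
BLOCKLIST = {"ads.example", "tracker.example"}


def is_blocked(qname, blocklist=BLOCKLIST):
    """Match the queried name or any of its parent domains against the blocklist."""
    labels = qname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def build_query(qname, qtype=1):
    """Encode a DNS query in wire format (RFC 1035). ID is 0, as RFC 8484 suggests
    for cache friendliness; flags 0x0100 set only the recursion-desired bit."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    name = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    ) + b"\x00"
    return header + name + struct.pack("!HH", qtype, 1)  # QTYPE (A=1), QCLASS=IN


def doh_get_url(qname, resolver="https://doh.example/dns-query"):
    """Build the RFC 8484 GET URL: base64url of the wire query, padding stripped.
    The resolver URL is a hypothetical placeholder."""
    b64 = base64.urlsafe_b64encode(build_query(qname)).rstrip(b"=").decode()
    return f"{resolver}?dns={b64}"


def resolve(qname):
    """Filter locally first; only names that pass are sent upstream over HTTPS."""
    if is_blocked(qname):
        # Assumed sinkhole answer; the query never leaves the local network.
        return ("blocked", "0.0.0.0")
    return ("forward", doh_get_url(qname))


if __name__ == "__main__":
    for name in ("www.example.com", "cdn.ads.example", "tracker.example"):
        print(name, "->", resolve(name))
```

The filter sees the plaintext name because it runs before encryption; once the query is inside the HTTPS request, an on-path device only sees traffic to the DoH resolver.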