Correction #15473
closedFeedback on pfSense® software Configuration Recipes — Blocking External Client DNS Queries: Firefox
100%
Description
Page: https://docs.netgate.com/pfsense/en/latest/recipes/dns-block-external.html
Feedback:
The pfSense documentation says: 'Firefox uses a "canary" domain use-application-dns.net by default. If Firefox cannot resolve this name, Firefox disables DNS over HTTPS."'
However, per https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet:
"Note: The canary domain only applies to users who have DoH enabled as the default option. It does not apply for users who have made the choice to turn on DoH by themselves."
The pfSense documentation is slightly misleading. Recommend the following wording:
'Firefox uses a "canary" domain use-application-dns.net by default. If Firefox is configured to enable DNS over HTTPS using default protection and cannot resolve this name, it will disable DNS over HTTPS. If Firefox is configured using increased or max protection, Firefox will not disable DNS over HTTPS."'
Updated by Jim Pingle 9 days ago
- Status changed from New to Closed
- Assignee set to Jim Pingle
- % Done changed from 0 to 100
It's clear as is -- that's what the "by default" part of that sentence means -- but I added a little more text to make it even more clear.
If a user changed their settings manually then it's no longer "by default".