Provide service to disable Firefox DNS of HTTPS which threatens all DNS Filter users | Voters

Provide service to disable Firefox DNS of HTTPS which threatens all DNS Filter users

launched

System

Firefox is planning to enable DNS over HTTPS soon.  This will prevent services like DNS Filter from working, as well as affecting corporate split-DNS environments. (https://support.mozilla.org/en-US/kb/firefox-dns-over-https)
Mozilla provides a way to disable this feature using a DNS query, however it is so convoluted to implement that it's effectively not possible without major changes to internal DNS servers. 
It is not possible to implement on older (but still supported) Windows DNS servers. (https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https)
My suggestion is for DNS Filter to provide a service that allows customers to forward requests to the use-application-dns.net domain to receive the NXDOMAIN result, which would make it easy to apply this setting on any network.

September 13, 2019

Mikey @DNSFilter

marked this post as

launched

Firefox DoH fix is implemented.

Net Results

Ouch. Is my reading of this correct? The user preference for 'always use DoH' will be honored

even

if the convoluted canary is implemented? So the user gets to choose to bypass internal network DNS filtering and potentially leak/break internal split DNS? Its like Mozilla wants their product blocked on enterprise installs.

System

Net Results: You are correct in your reading of this. I believe you can override the user preference if you have Group Policies setup to control Firefox.