unbound + doh + curl + firefox (was: Unbound 1.12.0rc1 pre-release)
A. Schulze
sca at andreasschulze.de
Mon Oct 5 16:54:07 UTC 2020
reply on-list again...
On 05.10.20 at 09:34, Alexander Moentjens wrote:
> Could you please elaborate on how DoH in Unbound is working with Firefox for you?
unbound.conf
server:
    interface: 0.0.0.0@443
    interface: ::@443
    https-port: 443
    tls-service-pem: "/path/to/cert+intermediate.pem"
    tls-service-key: "/path/to/key.pem"
use a recent version of curl, for now 7.64.0
curl -I -v --doh-url https://your.unbound.example/dns-query https://nlnetlabs.nl
use a recent version of Firefox, for now 81.0.1
settings -> proxy
-> enable "DNS over HTTPS"
-> custom
-> https://your.unbound.example/dns-query
use "https://your.unbound.example:port/dns-query" if running DoH not on 443
close firefox
start firefox
access some random websites
about:networking#dns
-> check that "trr" is shown as yes
-> see "false" for your.unbound.example
Now, Firefox will use DoH if available or Do53. Whatever works. You will not notice any fallback to Do53.
But disabling Do53 entirely is possible:
- https://wiki.mozilla.org/Trusted_Recursive_Resolver
- https://support.mozilla.org/de/kb/firefox-dns-%C3%BCber-https
about:config
network.trr.mode = 3
As no "classical" resolver should be used, you have to provide some glue:
the address of your.unbound.example...
about:config
network.trr.bootstrapAddress = IPv4 or IPv6 of your.unbound.example
close firefox
start firefox
access some other random websites
check about:networking#dns again
notice no entry for your.unbound.example
notice no traffic on Do53
:-)
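
An added example, not part of the original post: a small Python client that builds the RFC 8484 request the `/dns-query` endpoint configured above expects, so the listener can be checked independently of curl or Firefox. The function names are hypothetical, and `your.unbound.example` is the post's own placeholder.

```python
"""Added example: minimal RFC 8484 (DoH) client for checking a /dns-query endpoint."""
import base64
import struct
import sys
import urllib.request

def build_query(name, qtype=1):
    """Wire-format DNS query (qtype 1 = A). ID is 0, as RFC 8484 recommends."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_url(endpoint, query):
    """GET form: the query as unpadded base64url in the ?dns= parameter."""
    return endpoint + "?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode()

def parse_header(msg):
    """Return (is_response, rcode, answer_count) from a DNS message header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    _id, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return bool(flags & 0x8000), flags & 0x000F, answers

def doh_post(endpoint, query, timeout=5):
    """POST form: raw DNS message with the application/dns-message media type."""
    req = urllib.request.Request(endpoint, data=query, headers={
        "Content-Type": "application/dns-message",
        "Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        ctype = resp.headers.get_content_type()
        if ctype != "application/dns-message":
            raise ValueError("not a DoH response: " + ctype)
        return resp.read()

if __name__ == "__main__":
    # Endpoint defaults to the placeholder used in the post; pass the real URL as argv[1].
    endpoint = sys.argv[1] if len(sys.argv) > 1 else "https://your.unbound.example/dns-query"
    is_resp, rcode, answers = parse_header(doh_post(endpoint, build_query("nlnetlabs.nl")))
    print(f"response={is_resp} rcode={rcode} answers={answers}")
```

An rcode of 0 with a non-zero answer count means the listener is answering DNS over HTTPS; a TLS or content-type error points at the certificate or `https-port` settings.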