Mozilla Firefox, new releases, Add-Ons, tips for customisation Part 2

Discussion in 'General Software and Applications' started by vbetts, Sep 24, 2018.

  1. WhiteLightning

    WhiteLightning Don Illuminati Staff Member

    Messages:
    30,766
    Likes Received:
    3,932
    GPU:
    Inno3d RTX4070
    Check if your browser uses Secure DNS, DNSSEC, TLS 1.3, and Encrypted SNI
    https://www.cloudflare.com/ssl/encrypted-sni/


    To enable:

    #1
    1. Load about:config in the Firefox address bar.
    2. Confirm that you will be careful.
    3. Encrypted SNI: Search for network.security.esni.enabled and toggle the value to True
    4. Secure DNS: Search for network.trr.mode and set it to 2. Search for network.trr.uri and set it to https://mozilla.cloudflare-dns.com/dns-query

    OR

    #2
    add to user.js

    // Enable ESNI encryption
    user_pref("network.security.esni.enabled", true);
    // DNS-over-HTTPS
    user_pref("network.trr.mode", 2);
    user_pref("network.trr.uri", https://mozilla.cloudflare-dns.com/dns-query);
     
    boogieman and RzrTrek like this.
  2. tsunami231

    tsunami231 Ancient Guru

    Messages:
    14,725
    Likes Received:
    1,854
    GPU:
    EVGA 1070Ti Black
    i did all that every got green check next to except DNSSEC
    Firefox 69.0.01

    MS edge fails them all, Dont use chrome so dont know about that
     
    Last edited: Sep 29, 2019
  3. WhiteLightning

    WhiteLightning Don Illuminati Staff Member

    Messages:
    30,766
    Likes Received:
    3,932
    GPU:
    Inno3d RTX4070
    yes it seems a bit buggy still, if you try a second try or 3rd, is DNSSEC green ?
     
  4. tsunami231

    tsunami231 Ancient Guru

    Messages:
    14,725
    Likes Received:
    1,854
    GPU:
    EVGA 1070Ti Black
    interesting i ran the test bunch time and that always failed I read this and tried again and now it all green, then again I also change dns server from that router to 1.1.1.1/1.0.0.1 before testing again. it all green now, not sure it is buggy or it green now cause I changed to 1.1.1.1/1.0.0.1 for dns servers on the router. maybe later I will turn it back to default dns servers and see what happens

    I mean the first test was saying I using 1.1.1.1 dns and I can tell you I was not, cause router was using verizon fios default dns , unless Firefox uses 1.1.1.1 by default which guess would ignore the dns my router was using.
     

  5. RzrTrek

    RzrTrek Guest

    Messages:
    2,548
    Likes Received:
    741
    GPU:
    -
    I changed network.security.esni.enabled (true) and network.trr.mode (2) as instructed, restarted and refreshed my browser multiple times, but DNSSEC won't go green.
     
  6. tsunami231

    tsunami231 Ancient Guru

    Messages:
    14,725
    Likes Received:
    1,854
    GPU:
    EVGA 1070Ti Black
    I did bunch thing before that worked, one of them was I actual copied and pasted "https://mozilla.cloudflare-dns.com/dns-query" "into network.trr.uri" even though it was there by defualt, I still not sure what fixed the issue, or if the test is bugged? or if it just take few minutes for all the changes to happen
     
  7. Extraordinary

    Extraordinary Guest

    Messages:
    19,558
    Likes Received:
    1,636
    GPU:
    ROG Strix 1080 OC
    [​IMG]


    I use a static DNS on the PC for cloudflare too


    Cloudflare free DNS resolver IP addresses
    These are the IP addresses to set up Cloudflare's consumer DNS service on a computer or router.

    IP version 4
    • 1.1.1.1
    • 1.0.0.1
    IP version 6
    • 2606:4700:4700::1111
    • 2606:4700:4700::1001
     
  8. tsunami231

    tsunami231 Ancient Guru

    Messages:
    14,725
    Likes Received:
    1,854
    GPU:
    EVGA 1070Ti Black
    this is one of the things I did on the router before it started to so green, obviously that only works via router if you have router that dont loook the dns
     
  9. Extraordinary

    Extraordinary Guest

    Messages:
    19,558
    Likes Received:
    1,636
    GPU:
    ROG Strix 1080 OC
    I have my routers DNS pointing at my Raspberry Pi running PiHole, but I have that set up for blocking ads on wifi for smartphones, I don't use it on the PC which is why I set the PCs DNS static to cloudflare to bypass the Pi
     
  10. tsunami231

    tsunami231 Ancient Guru

    Messages:
    14,725
    Likes Received:
    1,854
    GPU:
    EVGA 1070Ti Black
    @Extraordinary

    so does the mean you need to point the pc to 1.1.1.1 for dnssec to work? I still kind confused foes Firefox use 1.1.1.1 internally for it quieries? cause like said the pc was not set to 1.1.1.1 nor was router but test said it was going threw 1.1.1.1
     

  11. Extraordinary

    Extraordinary Guest

    Messages:
    19,558
    Likes Received:
    1,636
    GPU:
    ROG Strix 1080 OC
    Don't think it's necessary, none of the guides say to do it, the changes you make to FF force it to use cloudflare for DNS but the rest of the system uses whatever you use in IPv4
     
  12. EdKiefer

    EdKiefer Ancient Guru

    Messages:
    3,127
    Likes Received:
    394
    GPU:
    ASUS TUF 3060ti
    Instructions worked for me, all green and I don't use a router and OS DNS is auto on my ISP one.

    Doesn't this only effect FF, shouldn't effect router or OS specific DNS if you set one?
     
    Last edited: Sep 30, 2019
  13. tsunami231

    tsunami231 Ancient Guru

    Messages:
    14,725
    Likes Received:
    1,854
    GPU:
    EVGA 1070Ti Black
    that is the thing "https://mozilla.cloudflare-dns.com/dns-query" was already in there by default the rest of the stuff was not, i did at some point copy and paste that over it "https://mozilla.cloudflare-dns.com/dns-query" that was already there by default. like said not sure what actual made it work

    I been using 1.1.1.1 app on my iphone almost elusively with it vpn + warp on. i was wonder how i was gonna be-able to do that on pc or latest Firefox, and now i can, probably not the same as actual using a vpn but i prefer not to put the vpn on the router or have external program running for so this next best thing imo
     
    Last edited: Sep 30, 2019
  14. tsunami231

    tsunami231 Ancient Guru

    Messages:
    14,725
    Likes Received:
    1,854
    GPU:
    EVGA 1070Ti Black
    "my" understanding is the browser must support this stuff and be setup for it, i could be wrong though. I know that edge don't support any of this or well didnt i check again today and it has DNSSEC green, so i really think changing 1.1.1.1 on router is what made DNSSEC turn green
     
  15. EdKiefer

    EdKiefer Ancient Guru

    Messages:
    3,127
    Likes Received:
    394
    GPU:
    ASUS TUF 3060ti
    My about:config file had for network.trr.uri a value of https://mozilla.cloudflare-dns.com/dns-query
    already in there to and I have not messed with this before.
     

  16. tsunami231

    tsunami231 Ancient Guru

    Messages:
    14,725
    Likes Received:
    1,854
    GPU:
    EVGA 1070Ti Black
    @EdKiefer then i dont know maybe dnssec really is buggy.

    see to me firefox say https://mozilla.cloudflare-dns.com/dns-query mean's firefox is by default sending all dns request threw 1.1.1.1? I remember few months back I got notification of study the firefox was doing that redirect all dns traffic threw 1.1.1.1 maybe after that study was done they implemented that dns redirect in to firefox by default?

    Which would explain why the secure dns test was green and using 1.1.1.1 when it was never manual set on pc or router. and other browsers like edge said it didnt use 1.1.1.1 cause like said it was never set on said pc or router. it dont explain the dnssec behavior other then it is actually buggy.
     
  17. EdKiefer

    EdKiefer Ancient Guru

    Messages:
    3,127
    Likes Received:
    394
    GPU:
    ASUS TUF 3060ti
    Yeah, I don't know but think that address added there was just to get FF ready, it's not till you set the others valuesthat it is implemented.
    I tested FF before editing those lines and Igot like 2 green with last one X, I think first was X too.
    After edits and reboot FF all 4 were green.
     
  18. tsunami231

    tsunami231 Ancient Guru

    Messages:
    14,725
    Likes Received:
    1,854
    GPU:
    EVGA 1070Ti Black
    mine was always green for secure dns before i even made changes, so i got no clue. I gave up trying to fiqure it out cause my brain hurts from trying to figure it out, some stuff that happens on pc's and the os, so tend ti give up easier these days. unless ofc it something completely obvious issue I cant ignore cause of ocd, in which case the ocd kills me.

    like in the case of my eyeglass not sitting straight on my face and there for i keep seeing it not straight and my ocd is like "fix it fix it" or gona drive you insane. but i almost got nose pad in correct position and alignment so hope full i have that solved and my ocd can leave me he hell alone.
     
  19. EdKiefer

    EdKiefer Ancient Guru

    Messages:
    3,127
    Likes Received:
    394
    GPU:
    ASUS TUF 3060ti
    Well. just set it like OP and I think your good to go, best you can do right now.
     
  20. Rich_Guy

    Rich_Guy Ancient Guru

    Messages:
    13,138
    Likes Received:
    1,091
    GPU:
    MSI 2070S X-Trio

Share This Page