Merge pull request intika#57 from brainscar/patch-2

Set TRR to 5: Explicitly Off
otilrac · Dec 29, 2018 · f9d761d · f9d761d
2 parents 130700e + 8d2372b
commit f9d761d
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/librefox/mozilla.cfg b/librefox/mozilla.cfg
@@ -509,14 +509,20 @@ lockPref("media.peerconnection.ice.no_host", true); // (FF51+)
 
 // Pref : 0707 : disable (or setup) DNS-over-HTTPS (DoH) (FF60+)
 // TRR = Trusted Recursive Resolver
-// .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result
+// .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result, 5=explicitly turn it off
 // [WARNING] DoH bypasses hosts and gives info to yet another party (e.g. Cloudflare)
 // [1] https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/
 // [2] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ 
 // BUG : This seem to disable socks_remote_dns ?! need to check with wireshark 
 // If true, just settings urls to null should be enough to disable 
 // Without impacting socks_remote_dns
-lockPref("network.trr.mode", 0);
+// -------
+// Mode 0 is only off because right now that's the default, the default can change.
+// Mode 5 means explicitly off, regardless of default.
+// https://wiki.mozilla.org/Trusted_Recursive_Resolver
+// https://nakedsecurity.sophos.com/2018/08/07/mozilla-faces-resistance-over-dns-privacy-test/#comment-5193521
+// -------
+lockPref("network.trr.mode", 5);
 lockPref("network.trr.bootstrapAddress", "");
 lockPref("network.trr.uri", "");