DOH on by default now on Firefox

Blondie

Cooking up some shit over at kf's git page.
kiwifarms.net
Holy shit, I didn't know they were finally pushing this after how many issues caused by it in the UK?
EDIT: I'm an idiot and just realized it's been in development for approx. 2 years.
 

garakfan69

Please be patient, I have idiocy
kiwifarms.net
DoH is shit.
It makes the internet more centralized because now Firefox makes everyone use Cloudflare's server to resolve DNS requests instead of their respective ISPs (or alternate ones like OpenDNS).

It's also an overcomplicated protocol for webshits (JSON encoded data over an HTTPS connection).
DoT encrypts DNS requests too but doesn't require you to implement a HTTPS server and JSON parser to do so.
 

Blondie

Cooking up some shit over at kf's git page.
kiwifarms.net
DoH is shit.
It makes the internet more centralized because now Firefox makes everyone use Cloudflare's server to resolve DNS requests instead of their respective ISPs (or alternate ones like OpenDNS).

It's also an overcomplicated protocol for webshits (JSON encoded data over an HTTPS connection).
DoT encrypts DNS requests too but doesn't require you to implement a HTTPS server and JSON parser to do so.
I mean, they also allow you to use NextDNS which is better than Cloudflare by a long shot, you can also use your own custom one, so OpenDNS is probably able to be used as well.
 

garakfan69

Please be patient, I have idiocy
kiwifarms.net
I mean, they also allow you to use NextDNS which is better than Cloudflare by a long shot, you can also use your own custom one, so OpenDNS is probably able to be used as well.
You can also just disable it completely. The story is about how it's default now and most people will just leave it at that.
 

Stock Image Photographer

All my homies hate human rights
kiwifarms.net
DoH is shit.
It makes the internet more centralized because now Firefox makes everyone use Cloudflare's server to resolve DNS requests instead of their respective ISPs (or alternate ones like OpenDNS).

It's also an overcomplicated protocol for webshits (JSON encoded data over an HTTPS connection).
DoT encrypts DNS requests too but doesn't require you to implement a HTTPS server and JSON parser to do so.
Definitely agree. People should disable it and use something like dnscrypt-proxy instead.
 

Coffee Shits

Good morning!
kiwifarms.net
They are touting this as a victory for privacy when all it does is shift who can peek into your DNS requests from your ISP to Cloudflare. Drilling down from a handful of companies (99% of people use their ISP's DNS servers) to one. How much is Mozilla getting paid from Cloudflare for this? We know that Mozilla took a big chunk of change from Google to make it the default search engine once upon a time. No one switches from the default settings and they know this. If you do, you're probably smart enough to have switched to a FF fork sometime between Australis and Quantum.

Look at this shit:

2019-10-20-18-24-01-003f52.png


Nine out of ten users just want the popup box to go away and will slam the big blue button to do so, and the remaining person who actually reads it will see "more secure" and ignore the rest. Great job Mozilla, you've fully perverted your original cause. Very frustrating.
 

He Who Points And Laughs

Flavortown Refugee
kiwifarms.net
Nine out of ten users just want the popup box to go away and will slam the big blue button to do so, and the remaining person who actually reads it will see "more secure" and ignore the rest. Great job Mozilla, you've fully perverted your original cause. Very frustrating.
That's essentially the argument that Linux people use. Most end users just don't put in the time to learn.
 

Blondie

Cooking up some shit over at kf's git page.
kiwifarms.net
Apologies for rebumping this thread but I recently found out that DoH when it's defaulted to Cloudflare, you can't connect to our main archiving service at all since it apparently has a "bad certificate".

Here's a direct excerpt from what happens when you go to archive.fo;
"Warning: Potential Security Risk Ahead:
Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for archive.fo. The certificate is only valid for the following names: cloudflare-dns.com, *.cloudflare-dns.com, one.one.one.one, 1.1.1.1, 1.0.0.1, 162.159.132.53, 2606:4700:4700::1111, 2606:4700:4700::1001, 2606:4700:4700::64, 2606:4700:4700::6400, 162.159.36.1, 162.159.46.1"

So yes, if you're using DoH, for the love of god change it to NextDNS or a custom one.

EDIT: Fixed the wording.
 

Citation Checking Project

Wokescolds of the world, unite!
True & Honest Fan
kiwifarms.net
Apologies for rebumping this thread but I recently found out that DoH when it's defaulted to Cloudflare, you can't connect to our main archiving service at all since it apparently has a "bad certificate".

Here's a direct excerpt from what happens when you go to archive.fo;
"Warning: Potential Security Risk Ahead:
Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for archive.fo. The certificate is only valid for the following names: cloudflare-dns.com, *.cloudflare-dns.com, one.one.one.one, 1.1.1.1, 1.0.0.1, 162.159.132.53, 2606:4700:4700::1111, 2606:4700:4700::1001, 2606:4700:4700::64, 2606:4700:4700::6400, 162.159.36.1, 162.159.46.1"

So yes, if you're using DoH, for the love of god change it to NextDNS or a custom one.

EDIT: Fixed the wording.
Wow this is peculiar. If you forgo SSL certificates or if you visit the http version, you get attachment below. (and for the record, 185.220.101.71 is a Tor exit node)
Error 1001
Ray ID: 56c3514abacbfb5c • 2020-02-28 15:09:05 UTC
DNS resolution error
What happened?
You've requested a page on a website (archive.fo) that is on the Cloudflare network. Cloudflare is currently unable to resolve your requested domain (archive.fo). There are two potential causes of this:
    Most likely: if the owner just signed up for Cloudflare it can take a few minutes for the website's information to be distributed to our global network.
    Less likely: something is wrong with this site's configuration. Usually this happens when accounts have been signed up with a partner organization (e.g., a hosting provider) and the provider's DNS fails.
Cloudflare Ray ID: 56c3514abacbfb5c • Your IP: 185.220.101.71 • Performance & security by Cloudflare
It seems like cloudflare's DNS server, whether it be over HTTPS or over UDP likes to resolve archive.li, .fo, and .today (but not .li) to
Code:
archive.fo. 2376 IN A 1.1.1.1
archive.fo. 2376 IN A 1.0.0.1
archive.fo. 2376 IN A 203.28.246.15
the two first addresses are cloudflare's DNS itself, the last one belongs to VanwaNet CDN.

I will shoot archive.li an e-mail, they need to know about this.

EDIT: That's a long-standing wontfix issue
Well, actually, further research reveals that this has been the case for years and that archive.today and CF are in a technical disagreement over DNS best practices. (Not too sure how to put it.) So this is most likely not getting fixed soon @Blondie. Only remaining question: will the webmaster jersh out at me or just ignore my e-mail?
 
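Added example, not part of any post in this thread: a short Python check that ties the two observations above together, the A records returned for archive.fo and the name list in the Firefox certificate warning. It flags answers that are addresses the quoted certificate is issued for, and tests whether the queried hostname is covered by that certificate; all function names are illustrative, and the inputs are copied from the posts.

```python
import ipaddress

# Answer records as posted in the thread.
ANSWERS = """\
archive.fo. 2376 IN A 1.1.1.1
archive.fo. 2376 IN A 1.0.0.1
archive.fo. 2376 IN A 203.28.246.15
"""

# Names listed in the Firefox warning quoted in the thread.
CERT_NAMES = [
    "cloudflare-dns.com", "*.cloudflare-dns.com", "one.one.one.one",
    "1.1.1.1", "1.0.0.1", "162.159.132.53", "2606:4700:4700::1111",
    "2606:4700:4700::1001", "2606:4700:4700::64", "2606:4700:4700::6400",
    "162.159.36.1", "162.159.46.1",
]

def parse_a_records(text):
    """Return (owner, ttl, address) for each 'name ttl IN A addr' line."""
    out = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[2] == "IN" and f[3] == "A":
            out.append((f[0].rstrip(".").lower(), int(f[1]),
                        ipaddress.ip_address(f[4])))
    return out

def split_sans(names):
    """Separate IP-address entries from DNS-name entries."""
    ips, dns = set(), []
    for n in names:
        try:
            ips.add(ipaddress.ip_address(n))
        except ValueError:
            dns.append(n.lower())
    return ips, dns

def host_matches(host, patterns):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    host = host.rstrip(".").lower()
    return any(p == host or (p.startswith("*.") and "." in host
               and host.split(".", 1)[1] == p[2:]) for p in patterns)

def diagnose(answers_text, cert_names):
    """Per answer: (address, points at the cert's own IPs, hostname covered)."""
    ips, dns = split_sans(cert_names)
    return [(str(addr), addr in ips, host_matches(owner, dns))
            for owner, _ttl, addr in parse_a_records(answers_text)]
```

A row of `(address, True, False)` is the combination that produces the warning: the browser is sent to an address that serves the resolver's certificate, and that certificate does not cover the hostname that was asked for.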

Blondie

Cooking up some shit over at kf's git page.
kiwifarms.net
Wow this is peculiar. If you forgo SSL certificates or if you visit the http version, you get attachment below. (and for the record, 185.220.101.71 is a Tor exit node)
View attachment 1165084
It seems like cloudflare's DNS server, whether it be over HTTPS or over UDP likes to resolve archive.li, .fo, and .today (but not .li) to
Code:
archive.fo. 2376 IN A 1.1.1.1
archive.fo. 2376 IN A 1.0.0.1
archive.fo. 2376 IN A 203.28.246.15
the two first addresses are cloudflare's DNS itself, the last one belongs to VanwaNet CDN.

I will shoot archive.li an e-mail, they need to know about this.
It seems .li is the only one with the "correct" certificate in Cloudflare's book, I'm hoping for this to be resolved and it mostly will be in the coming hours, one can only hope.
Cheers.
 

Citation Checking Project

Wokescolds of the world, unite!
True & Honest Fan
kiwifarms.net
Wow this is peculiar. If you forgo SSL certificates or if you visit the http version, you get attachment below. (and for the record, 185.220.101.71 is a Tor exit node)
View attachment 1165084
It seems like cloudflare's DNS server, whether it be over HTTPS or over UDP likes to resolve archive.is, .fo, and .today (but not .li) to
Code:
archive.fo. 2376 IN A 1.1.1.1
archive.fo. 2376 IN A 1.0.0.1
archive.fo. 2376 IN A 203.28.246.15
the two first addresses are cloudflare's DNS itself, the last one belongs to VanwaNet CDN.

I will shoot archive.li an e-mail, they need to know about this.
Well, actually, further research reveals that this has been the case for years and that archive.today and CF are in a technical disagreement over DNS best practices. (Not too sure how to put it.) So this is most likely not getting fixed soon @Blondie. Only remaining question: will the webmaster jersh out at me or just ignore my e-mail?
 

3119967d0c

a... brain - @StarkRavingMad
True & Honest Fan
kiwifarms.net
Well, actually, further research reveals that this has been the case for years and that archive.today and CF are in a technical disagreement over DNS best practices. (Not too sure how to put it.) So this is most likely not getting fixed soon @Blondie. Only remaining question: will the webmaster jersh out at me or just ignore my e-mail?
I assume he just ignores these emails at this point. Cloudflare are in the wrong.
 

Blondie

Cooking up some shit over at kf's git page.
kiwifarms.net
Well, actually, further research reveals that this has been the case for years and that archive.today and CF are in a technical disagreement over DNS best practices. (Not too sure how to put it.) So this is most likely not getting fixed soon @Blondie. Only remaining question: will the webmaster jersh out at me or just ignore my e-mail?
Aw dang, most likely ignore, maybe jersh out at you since they probs get a lot of these emails all the time, I apologize for basically throwing you into that kind of position.
 