Why Firefox won't respect my DNS settings but DNS utilities (dig, nslookup) will?
192.168.1.201 is a Pi Zero where I installed Pi-hole. I don't know anything else about its config.
And it's attached by cable to the home gateway.
This is the /etc/resolv.conf on the host 192.168.1.200, from where I try the tests:
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.
And:
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
....
#hosts: files dns mdns4_minimal [NOTFOUND=return]
#hosts: files mdns4_minimal [NOTFOUND=return] dns
hosts: files
....
Yep, hosts is only set to files!! But Firefox has no problem! But ping does!
systemd services running:
resolvconf.service
dhcpcd.service
NetworkManager.service
---------------------------------------------------
I have disabled the systemd-resolved service.
I can't disable resolvconf.service.
I don't know who wrote to /etc/resolv.conf. I had only one entry in:
/etc/resolvconf/resolv.conf.d/head
nameserver 192.168.1.201
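The three resolution paths discussed in this thread can be checked side by side: ping resolves through glibc NSS (`hosts:` in /etc/nsswitch.conf), dig and nslookup read /etc/resolv.conf directly, and Firefox can use its own DNS-over-HTTPS resolver unless an enterprise policy locks it off. The script below is an added example, not part of any poster's message; the file contents are constructed from the thread, and the policy file path and the `audit` helper are assumptions.

```python
import json
import re

# Constructed inputs modelled on the files quoted in the thread (not read from a live host).
NSSWITCH = "#hosts: files dns mdns4_minimal [NOTFOUND=return]\nhosts: files\n"
RESOLV_CONF = "# generated by resolvconf(8)\nnameserver 192.168.1.201\n"
# Assumed content of a Firefox enterprise policy file such as /etc/firefox/policies/policies.json.
POLICIES = '{"policies": {"DNSOverHTTPS": {"Enabled": false, "Locked": true}}}'

def nss_hosts_sources(text):
    """Sources on the active 'hosts:' line, with [STATUS=action] groups removed."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):]).split()
    return []

def nameservers(text):
    """IP addresses on the 'nameserver' lines of a resolv.conf."""
    found = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found

def doh_locked_off(policy_json):
    """True only if the policy disables DNS over HTTPS and locks the setting."""
    doh = json.loads(policy_json).get("policies", {}).get("DNSOverHTTPS", {})
    return doh.get("Enabled") is False and doh.get("Locked") is True

def audit(nsswitch, resolv_conf, policy_json, expected_server):
    """Return one finding per resolution path that can miss expected_server."""
    findings = []
    sources = nss_hosts_sources(nsswitch)
    if not {"dns", "resolve"} & set(sources):
        findings.append("nss: hosts sources %s contain no DNS module, so "
                        "getaddrinfo() callers such as ping never query DNS" % sources)
    servers = nameservers(resolv_conf)
    if servers != [expected_server]:
        findings.append("resolv.conf: dig/nslookup will query %s" % servers)
    if not doh_locked_off(policy_json):
        findings.append("firefox: DNSOverHTTPS is not locked off by policy")
    return findings

if __name__ == "__main__":
    for finding in audit(NSSWITCH, RESOLV_CONF, POLICIES, "192.168.1.201"):
        print(finding)
```

With the `hosts: files` line from the post, the only finding is the NSS one, which matches ping failing while dig and nslookup succeed.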
Thanks. Indeed. Firefox seems to do its own DNS resolution. On a host of my home LAN, with a headless Pi Zero + Pi-hole wired to the gateway, Epiphany, Falkon and Chromium use the /etc/resolv.conf, which points to my Pi-hole. Only Firefox 84.0.2 does its own DNS resolution. Could other forum members please fact-check that?
So it's weird: Firefox says it tried to do something good, like securing the DNS resolution, but in my case it took two nights of troubleshooting, messing with:
/etc/network/interfaces
/etc/hosts
/etc/nsswitch.conf
systemd-resolved
resolvconf.service
NetworkManager (and its GUI + text utilities, nmcli ...)
dhcpcd (that's a DHCP server that I don't know why it was installed; I removed it eventually)
DHCP client
and netplan!...
and all the above x 4 (as the hosts of my home LAN)
just to find out that Firefox does DNS resolution on its own.
Now I have uninstalled it on that host.
So, sidetracking a little, I am wondering: can a Linux distro or a home LAN "admin" enforce a single DNS resolution policy?
And sidetracking a little more: does a little home host need all those DNS/network services, caches, middlewares, etc.?
I wrote a question weeks ago in LQ on seeing containers as overprovisioned guests.
Now do we also have home host distros with overprovisioned LAN configuration?
Not necessarily. Mine doesn't, and doesn't default to it either.
Have you checked
Preferences => General => Network Settings => Settings => Enable DNS over HTTPS
???
Thanks. I checked it. It's not enabled.
Still, if that was the case, wouldn't that qualify as 'Firefox does its own DNS resolution', since it ignores /etc/resolv.conf?
Anyway, Firefox still does something different. I see in my Pi-hole that it tries mozilla-cloudfare.com.
Without being a spy, my recent experience with the Pi-hole makes me also sceptical of the shortcomings of allowing each application in a system to have its own DNS resolution process, creating issues with any effort for central control of DNS traffic in a network.
I don't think it's aimed at security. It's more aimed at being inclusive. Cloudflare probably doesn't censor who is in its DNS list. So by forcibly using those DNS servers, you can bypass any censorship being implemented at the local and ISP level.
It was probably implemented as a feature to defeat Chinese and Russian internet censorship, amongst the many other countries. It isn't about security.
@OP. Try the latest SeaMonkey version if you need an FF-type browser that has less crap in it. It uses the latest ESR code but doesn't come with the DNS bypass as far as I know, not yet anyway. Alternatively, you could compile from source and maybe get rid of those features at the compile level. I honestly don't see FF being usable by corporate or business clients very soon. The amount of bloat that gets added is making it less of a good choice.