by nirvdrum 2686 days ago
FWIW, Chrome does this as well. Its DNS prefetch feature will ignore your local hosts file and configured DNS servers. It creates annoying problems if you have a VPN where some hosts resolve differently than they do publicly.

Granted, in this case if you block Google's DNS servers from routing, Chrome will use your system's name resolution configuration.

5 comments

TIL! This upsets me more than the Chromecast using Google's DNS.

I barely use Chrome anymore (just for testing really) but the thought that any domain I wish to go to can be overridden by the browser by default - that's scary.

I mean what if Google doesn't like your website's content. They can block it on their DNS server and 99.999% of Chrome users would think something was wrong with your site.

Thank you, I hate it.

I was thinking about buying a better network device for home and having VLANs and ACLs just to take control of my internet again. It is pretty annoying that Google is not only trying to track me everywhere but actively overriding system-wide settings to be able to get information about what sites I am visiting.
You don’t necessarily need a better networking device if your current router is supported by OpenWrt/LEDE.
I was looking into that yesterday. How can I disable forwarding in Dnsmasq for certain domain names? Maybe I should run a local resolver server myself instead of forwarding the DNS requests to 3rd parties and do it that way with ACLs? Let me know if you have detailed documentation about how to use OpenWRT for these.
In theory, couldn't Firefox's certificate store blacklist the TLS certificate your website uses, with the same user-confusing result?
I mean in theory your web browser doesn't have to respect the address bar, it can do whatever the fuck it wants. The point is what Chrome is already doing is not good behaviour.
Holy synchronicity! I just ran into this this morning when trying to null route a hostname on my co-worker's computer and nobody could figure out why Chrome could still resolve the IP after we changed the hosts file.
It was disheartening how much time I spent tracking this down. I generally use Firefox, but since the web is bifurcated, I need to be able to access some sites with Chrome.
Funny flashbacks to Google hijacking the .dev TLD and forcing it to be https in Chrome.

Actually it was just annoying, not funny.

This is extremely annoying. The VPN will switch DNS servers and macOS and Safari work fine, but Chrome will not find internal servers. I assumed it was just a cache, but this makes sense.
I was astonished at how this was handled on the issue tracker. It was closed as "works as designed" even though the design was the problem.

https://bugs.chromium.org/p/chromium/issues/detail?id=432236

(I'm obviously a bit biased on the matter because it affected me and cost me a silly amount of time to track down.)

They also removed support for mandatory features of HTTPS [0], as defined in RFC 2818. Not that I'm against the change /per se/, but the correct way to go about it is to change the standard.

They also claimed Firefox was doing the same thing, which is false and not really sufficient justification for not supporting things that MUST be supported.

[0] https://bugs.chromium.org/p/chromium/issues/detail?id=700354

Oh, that explains a lot actually. Safari works great with a corporate VPN, Chrome randomly fails to resolve things...