by livre 2045 days ago
> if you receive an NXDOMAIN response, will it attempt another resolver?

That's exactly why, for example, Firefox queries CloudFlare's DoH if it gets an NXDOMAIN [1].

[1] https://github.com/AdguardTeam/AdGuardHome/issues/1914


I do not use DoH and have it disabled in Firefox with network.trr.mode=5 in the about:config page, as described in link [1] below.

[1] https://support.mozilla.org/en-US/kb/firefox-dns-over-https

This way I get the best of both worlds: speed with NXDOMAIN and no needless CloudFlare DoH requests.

Hope that helps.

I configured Firefox to use my local DoH server instead. That way I don't have to fight against DoH, I get the (few) benefits of ESNI, and I can still choose what my upstream servers will be. Your solution is also good and it is what we configured at work (through group policies). You or someone else reading may find this [1] and this [2] useful.

[1] https://github.com/mozilla/policy-templates#dnsoverhttps

[2] https://cloud.google.com/docs/chrome-enterprise/policies/?po...
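A Firefox enterprise policy file (policies.json) that pins DoH to a local resolver and locks the setting, added here to illustrate the group-policy approach mentioned above; it is not the commenter's configuration, and the resolver URL is a placeholder. Setting "Enabled": false with "Locked": true instead enforces the disabled state that network.trr.mode=5 selects in about:config.

```json
{
  "policies": {
    "DNSOverHTTPS": {
      "Enabled": true,
      "ProviderURL": "https://doh.example.internal/dns-query",
      "Locked": true
    }
  }
}
```

With "Locked": true the DoH controls in about:preferences become read-only, so users cannot switch back to the default provider.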

Thanks for pointing this out, I will dig more into this.
Thank you.

So for the purposes of adblocking, you do not want to use NXDOMAIN and prefer returning 0.0.0.0.

This doesn't happen when DoH is disabled in Firefox, right?

I don't know, I'm not the one who reported that issue and I use a local DoH server, that way I make sure that when Firefox uses DoH I still have full control over it.