by josephcsible 998 days ago
> The second way is to return a “no error no answer” or an NXDOMAIN response to queries made to the use-application-dns.net.

This misfeature can't be removed from browsers soon enough. Its existence is totally contrary to DoH's threat model, since the people DoH is designed to protect you from are exactly the ones who can manipulate insecure DNS results for that domain.

It's just a network hint. Browsers are free to ignore (and I think Firefox has a toggle to ignore it).

> and I think Firefox has a toggle to ignore it

They do. It used to be one had to modify modes in about:config but now there is a GUI for it in the settings.

[1] - https://support.mozilla.org/en-US/kb/dns-over-https
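
Added example, not part of the thread: a small Python parser that classifies a raw DNS reply for the canary domain into the two cases the quoted text names (NXDOMAIN, or "no error no answer"), so you can see what a given resolver is signaling. The function names, the `other` result for any different RCODE, and the sample replies are assumptions constructed for this illustration.

```python
import struct

CANARY = "use-application-dns.net"  # domain named in the quoted text

def encode_name(name):
    # DNS wire format: length-prefixed labels, terminated by a zero byte
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def skip_name(msg, off):
    # Advance past a (possibly compressed) name and return the next offset
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1
        if n == 0:
            return off
        off += n

def canary_signal(msg):
    """'disable-doh' for NXDOMAIN or NOERROR without A/AAAA answers,
    'no-signal' if an address record came back, 'other' for any other RCODE."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    rcode = flags & 0x000F
    if rcode == 3:                # NXDOMAIN
        return "disable-doh"
    if rcode != 0:                # e.g. SERVFAIL: neither quoted case (assumption)
        return "other"
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype in (1, 28):                   # A or AAAA
            return "no-signal"
        off += 10 + rdlen
    return "disable-doh"                       # NOERROR, no address answers

def build_reply(rcode, answers=()):
    # Constructed sample reply: one question for CANARY, answers as (type, rdata)
    hdr = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, len(answers), 0, 0)
    question = encode_name(CANARY) + struct.pack("!HH", 1, 1)
    body = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", t, 1, 60, len(rd)) + rd
                    for t, rd in answers)
    return hdr + question + body
```

Because the reply travels over plain DNS, anything on the path can produce either "disable-doh" case, which is the concern raised in the first comment.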