Q&A Firefox leaking DNS

porkpiehat

Level 6
May 30, 2015
252
OK, I have Cloudflare set up in my Network settings, have DoH selected in Firefox settings, and everything is hunky dory with the Cloudflare ESNI test page... Now, when I test my DNS with Bash.ws, it shows the Cloudflare servers, and my ISP servers... I have run this test with my other browsers, which are set up with similar configs, namely Edge and Opera, without such problems. I can only assume that the problem is with Firefox... Any thoughts?
 

Cleo

Level 2
May 25, 2020
83
Do a check for me please if you use uBO. Open uBlock Origin’s settings, enable the option “I am an advanced user”, then click on the wheels icon to open its advanced settings. Find the parameter called cnameUncloak, set it to false and apply the settings to take effect.
Re-test for leak.
 

SpiderWeb

Level 4
Aug 21, 2020
171
Yes, ESNI seems to only work for certain traffic at certain ports. I noticed that too in NextDNS analytics. It seems loading/querying a site is done with ESNI. But once you are on the site and it is streaming/updating content, that traffic is sent without ESNI or DoH.

Try going into about:config and set "network.trr.mode" to 3.

Also set "network.trr.bootstrapAddress" to the IP address of your DoH resolver if you can find that address. If not, try to find it through here.

Set "media.peerconnection.enabled" to false to disable WebRTC leaks.
 
Solution
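
To check whether a Firefox profile actually carries the three about:config settings from the post above, the following added example (not code from the thread or from Mozilla) parses the text of a profile's prefs.js and reports which of them are missing or leak-prone. The sample file contents and the 192.0.2.53 address are constructed placeholders, and the function names are hypothetical.

```python
import re

# One line of a Firefox prefs.js / user.js file, e.g. user_pref("network.trr.mode", 3);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Return {pref_name: value} with ints, booleans and strings decoded."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comment or blank line
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(prefs):
    """List which of the three settings from the post are missing or leak-prone."""
    findings = []
    mode = prefs.get("network.trr.mode", 0)  # absent from prefs.js means the default, 0
    if mode != 3:
        findings.append(f"network.trr.mode={mode}: lookups can still reach the system resolver")
    if not prefs.get("network.trr.bootstrapAddress"):
        findings.append("network.trr.bootstrapAddress unset: DoH hostname is not pinned to an IP")
    if prefs.get("media.peerconnection.enabled", True):  # WebRTC is on by default
        findings.append("media.peerconnection.enabled is true: WebRTC is active")
    return findings

# Constructed sample: DoH with fallback to the OS resolver, nothing else changed.
SAMPLE_LEAKY = '''
// constructed prefs.js excerpt
user_pref("network.trr.mode", 2);
user_pref("browser.startup.page", 3);
'''

# Constructed sample: the three settings from the post; 192.0.2.53 is a placeholder IP.
SAMPLE_STRICT = '''
user_pref("network.trr.mode", 3);
user_pref("network.trr.bootstrapAddress", "192.0.2.53");
user_pref("media.peerconnection.enabled", false);
'''

if __name__ == "__main__":
    for label, text in (("leaky", SAMPLE_LEAKY), ("strict", SAMPLE_STRICT)):
        print(label, audit(parse_prefs(text)) or "no findings")
```

To audit a real profile, pass the contents of its prefs.js (the profile folder is listed on about:profiles) to `parse_prefs`.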

porkpiehat

Level 6
May 30, 2015
252
Do a check for me please if you use uBO. Open uBlock Origin’s settings, enable the option “I am an advanced user” then click on the wheels icon to open its advanced settings. Find the parameter called cnameUncloak, set it to false and apply the settings to take effect.
Re-test for leak.
I don't use uBO... but I also did the test in 'safe' mode with addons disabled...
 