Advice Request Firefox playing silly buggers...

porkpiehat

OK, after Firefox updated, I loaded the ESNI page, and it is intermittently showing Secure DNS errors...
DoH is set in prefs, with the Cloudflare option enabled.
Can anyone shed any light on this? Thank you.
Screenshot 2021-04-01 101342.png
Screenshot 2021-04-01 101659.png
 

silversurfer

porkpiehat said:
OK, after Firefox updated, I loaded the ESNI page, and it is intermittently showing Secure DNS errors...
DoH is set in prefs, with the Cloudflare option enabled.
Can anyone shed any light on this? Thank you.

What is your DNS service setup on your router? Do you have Cloudflare DNS set up in the network settings of Windows 10?

Honestly, I don't know what the reason is; I can only guess it's either Cloudflare or Mozilla/Firefox, if all related settings are properly enabled by the user.
 

silversurfer

Just tried it out on my Firefox 87.0, with Cloudflare DoH chosen in the Firefox settings.
Here it is the same: "Secure DNS" at first shows an error, but after a re-test it works fine (green).

I cannot tell how it was before on Firefox 86, as my DoH is set to Quad9.
 

Kongo

porkpiehat said:
OK, after Firefox updated, I loaded the ESNI page, and it is intermittently showing Secure DNS errors...
DoH is set in prefs, with the Cloudflare option enabled.
Can anyone shed any light on this? Thank you.

What's the value of "network.trr.mode" in your about:config settings? NextDNS, for example, requires setting it to the value "3". Not sure how it's supposed to be with Cloudflare, though.
 
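An added example, not part of any post in this thread: one way to read the `network.trr.mode` preference mentioned above straight from a profile's `prefs.js` and report whether Firefox may still fall back to the system resolver. The mode meanings follow Mozilla's Trusted Recursive Resolver documentation; the sample preferences are constructed, and a missing `network.trr.mode` is assumed to mean the default of 0.

```python
import re

# network.trr.mode values as documented by Mozilla for the Trusted Recursive Resolver
TRR_MODES = {
    0: "off (default)",
    1: "reserved (unused)",
    2: "DoH first, falls back to the system resolver on failure",
    3: "DoH only, no fallback to the system resolver",
    4: "reserved (unused)",
    5: "off by explicit choice",
}
PREF_RE = re.compile(r'^\s*user_pref\("(network\.trr\.[^"]+)",\s*(.+?)\);\s*$')

def parse_trr_prefs(prefs_text):
    """Return {name: value} for every network.trr.* line in prefs.js text."""
    prefs = {}
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]          # string preference
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"      # boolean preference
        else:
            prefs[name] = int(raw) if raw.lstrip("-").isdigit() else raw
    return prefs

def assess_doh(prefs_text):
    """Summarise the DoH configuration found in prefs.js text."""
    prefs = parse_trr_prefs(prefs_text)
    mode = prefs.get("network.trr.mode", 0)  # assumption: absent means default 0
    return {
        "mode": mode,
        "meaning": TRR_MODES.get(mode, "unknown value"),
        "resolver": prefs.get("network.trr.uri", "(not set in prefs.js)"),
        "doh_enabled": mode in (2, 3),
        "system_resolver_fallback": mode == 2,
    }

# Constructed sample of a prefs.js file, for illustration only
SAMPLE_PREFS = '''// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
'''

if __name__ == "__main__":
    for key, value in assess_doh(SAMPLE_PREFS).items():
        print(f"{key}: {value}")
```

With mode 2, a lookup that fails over DoH can be answered by the system resolver instead; mode 3 removes that fallback.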

Kongo

I could be misremembering, but I seem to remember hearing that it was broken and didn't always provide accurate results especially if not using cloudflare (which in this case they were using 1.1.1.1). As I said, I could be mistaken.
I'm confused now... Are you talking about the Cloudflare ESNI test or the NextDNS test? If you are talking about the Cloudflare test then yes, it won't detect other DNS providers as a secure DNS transport. When using for example NextDNS with correct settings the testing site will look like that:

Unbenannt.PNG

So the "You may not be using secure DNS" message mostly indicates that you actually are using an encrypted DNS protocol from a different provider than Cloudflare.
 

blackice

Kongo said:
I'm confused now... Are you talking about the Cloudflare ESNI test or the NextDNS test? If you are talking about the Cloudflare test then yes, it won't detect other DNS providers as a secure DNS transport. When using for example NextDNS with correct settings the testing site will look like that:

So the "You may not be using secure DNS" message mostly indicates that you actually are using an encrypted DNS protocol from a different provider than Cloudflare.

Yes, the ESNI test. But I may also be confusing something else with this test. Clearly it's too early for me to be posting :ROFLMAO:
 

The_King

I can also confirm that something goes haywire when you enable the Cloudflare DoH option in FF 87.

Both of the following pages give random YES and NO results for DoH and Secure DNS test results

I tested this issue by using DNSCrypt and enabling Cloudflare resolvers only. Now it always gives the exact same result on both pages. The "Enable DNS over HTTPS" option has to remain unticked in order for the DNSCrypt settings to work correctly.

The advantage of using DNSCrypt is that your entire system, including the FF browser, is set up to use DNS over HTTPS.
I am sure the same result can be achieved with YogaDNS.

So it does look like there is indeed an issue with the current Cloudflare DoH setting in FF 87.
 
