I have a blocklist entry implemented as a regex for a certain domain. I know it works at a low level:
(base) [kyle@catamaran ~]$ dig discord.com
; <<>> DiG 9.16.6 <<>> discord.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32315
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;discord.com. IN A
;; ANSWER SECTION:
discord.com. 2 IN A 0.0.0.0
;; Query time: 13 msec
;; SERVER: 192.168.1.193#53(192.168.1.193)
;; WHEN: Wed Nov 11 23:55:47 EST 2020
;; MSG SIZE rcvd: 45
However, Firefox is not getting blocked for the same domain, and I see the following in the Pi-hole query logs when making a request to Discord:
2020-11-11 23:57:45 AAAA mozilla.cloudflare-dns.com wgwz-mac OK (cached)
2020-11-11 23:57:45 A mozilla.cloudflare-dns.com wgwz-mac OK (cached)
I tested accessing the same domain in Chrome, and the domain is blocked there (after clearing the cache). I tried clearing the Firefox cache hoping it was the same, but it makes no difference.
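A defender-side check, added here and not part of the thread, that scans Pi-hole-style query-log lines for the pattern shown in the post: clients looking up public DoH resolver hostnames (which the filter never sees traffic to afterwards) and canary-domain queries that were answered with something other than NXDOMAIN. The sample log is constructed in the same layout as the lines above; the resolver list beyond mozilla.cloudflare-dns.com and the canary handling are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout "<date> <time> <qtype> <domain> <client> <status>".
SAMPLE_LOG = """\
2020-11-11 23:57:45 AAAA mozilla.cloudflare-dns.com wgwz-mac OK (cached)
2020-11-11 23:57:45 A mozilla.cloudflare-dns.com wgwz-mac OK (cached)
2020-11-11 23:57:50 A discord.com wgwz-mac Blocked (regex blacklist)
2020-11-11 23:58:01 A use-application-dns.net wgwz-mac OK (forwarded)
2020-11-11 23:58:03 A dns.google laptop-1 OK (forwarded)
"""

# mozilla.cloudflare-dns.com is the host from the post; the rest are well-known
# public DoH endpoints (assumed list, extend for your environment).
DOH_RESOLVER_HOSTS = {
    "mozilla.cloudflare-dns.com", "cloudflare-dns.com", "dns.google", "dns.quad9.net",
}
CANARY_DOMAIN = "use-application-dns.net"  # Firefox's DoH canary domain

LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<qtype>\S+) (?P<domain>\S+) (?P<client>\S+) (?P<status>.+)$"
)


@dataclass(frozen=True)
class Finding:
    client: str
    domain: str
    qtype: str


def parse_line(line):
    """Return the fields of one log line, or None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_doh_bootstrap(log_text):
    """One Finding per distinct (client, resolver host, qtype) seen in the log."""
    seen, out = set(), []
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        dom = rec["domain"].lower().rstrip(".")
        if dom in DOH_RESOLVER_HOSTS:
            f = Finding(rec["client"], dom, rec["qtype"])
            if f not in seen:
                seen.add(f)
                out.append(f)
    return out


def clients_bypassing(log_text):
    """Sorted client names that resolved a DoH endpoint through this resolver."""
    return sorted({f.client for f in find_doh_bootstrap(log_text)})


def canary_not_enforced(log_text):
    """True if any canary-domain query got a normal answer instead of NXDOMAIN."""
    return any(rec["domain"].lower().rstrip(".") == CANARY_DOMAIN
               and not rec["status"].startswith("NXDOMAIN")
               for rec in filter(None, map(parse_line, log_text.splitlines())))
```

Run it against an exported Pi-hole query log instead of SAMPLE_LOG to list which clients have a DoH-capable browser or app and whether the canary answer is doing its job.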
Sort of. It is the default in Firefox, but it respects the canary domain. It is only when you toggle this setting and deliberately select DoH that Firefox ignores the canary domain and does what you specified.
I think this is consistent with what I saw. But I'm pretty sure they have a pop-up now, which if you respond yes to, it turns on using DoH all the time. And it does seem to bypass the canary domain. The pop-up comes from either the lock or shield icon next to the Firefox search bar.