Pi-hole - Firefox - Cloudflare

I read this article and found an alarming statement in update 2.
We’ll use the default resolver, as we do now, but we’ll also send the request to Cloudflare’s DoH resolver. Then we’ll compare the two to make sure that everything is working as we expect.

There are already two Reddit topics about this subject, here and here; however, I haven’t seen the important question: Will blocking still work with Pi-hole?

Additional question: Any good ideas for a defence against this undesired behavior? The method, described in the original document, section update 1 (changing ‘network.trr.mode=5’, using ‘about:config’) requires configuration on the individual workstations, not my favorite solution…

Blocking with Pi-hole would no longer work. However, that change is a test in Firefox Nightly, and I sincerely doubt that it will eventually be enabled by default in stable.

By the way: changing such a setting for multiple workstations is relatively easy by creating a user.js file and copying it to the respective profiles. There’s no need to manually change it in about:config on every computer.
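The user.js approach from the reply above, as an added example that is not part of the original thread: a script that writes the `network.trr.mode` value 5 mentioned in the question into every Firefox profile under a profile root. The function names are hypothetical, the root `~/.mozilla/firefox` is the Linux default and is an assumption about the workstations, and a directory is treated as a profile only if it already contains `prefs.js`.

```shell
#!/bin/sh
# Added example (not from the thread): set network.trr.mode=5 via user.js.
# Firefox reads user.js at startup, so the value applies after a restart.
PREF_LINE='user_pref("network.trr.mode", 5);'

# Write the pref into one profile's user.js. Any earlier network.trr.mode
# line is dropped first, so repeated runs leave exactly one entry and
# every other pref in the file is preserved.
set_trr_off() {
    profile_dir=$1
    user_js="$profile_dir/user.js"
    tmp="$user_js.tmp.$$"
    if [ -f "$user_js" ]; then
        # grep exits 1 when nothing is left after filtering; that is fine.
        grep -v '"network\.trr\.mode"' "$user_js" > "$tmp" || true
    else
        : > "$tmp"
    fi
    printf '%s\n' "$PREF_LINE" >> "$tmp"
    mv "$tmp" "$user_js"
}

# Apply the pref to every profile directory below a profile root and
# print how many profiles were updated.
deploy_all() {
    root=$1
    count=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        # Skip non-profile folders (e.g. "Crash Reports"): a profile that
        # Firefox has used contains prefs.js.
        [ -f "${dir}prefs.js" ] || continue
        set_trr_off "${dir%/}"
        count=$((count + 1))
    done
    echo "$count"
}

# Usage (assumed Linux default location):
#   deploy_all "$HOME/.mozilla/firefox"
```

Run it per user account, or from whatever login script or configuration management already reaches the workstations.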

  1. Disable that feature in Firefox.
  2. Don’t use that version of Firefox that contains the feature.
  3. Some people are putting firewall rules into their routers to block such side-stepping DNS traffic and force DNS requests to the Pi-hole.

4. If you sandbox Firefox with Firejail on Linux, add a rule

dns IP-address_of_your_Pi-hole

to firefox.profile.