This is a valid point. However, users will see "Pi-hole is not working". They will not see "Firefox enforces DoH". They will not see this because DoH is completely transparent. They don't know it exists so they cannot complain about it. However, they know Pi-hole exists and (apparently) isn't doing what they want: block ads.
Not handling the canary domain in the way Firefox is happy with would make Pi-hole stop working for the majority of users - the ones with Firefox. So it isn't something I'd like to consider.
My PR adds a patch for something we have forgotten: That blocked content takes precedence over
dnsmasq configuration. This is a defect and my PR fixes this for this one special case we have.
Yes. But they have no real motivation to do this. There is no pressing need to, at least. With them not accepting
0.0.0.0 the worst that happens is that Pi-hole doesn't work. May not be all that high in priority for them because really nobody will come and complain about this.
In contrast, whenever such this domain pops up in a adlist, the frustration of Pi-hole users may grow because they cannot find out what is going wrong (again, because they may not even know DoH and its opt-out is even a thing). This leads to frustration and an increase in support load for our team. Both can be easily fixed with my PR completing the canary domain handling in the edge case we have overlooked so far.
To signal that their local DNS resolver implements special features that make the network unsuitable for DoH, network administrators may configure their networks to modify DNS requests for the following special-purpose domain called a canary domain : use-application-dns.net .
The result will be considered positive if:
- The query completes with NOERROR and contains A or AAAA records (or both)
A negative result will be a signal to disable application DNS, i.e. DoH.
A 0.0.0.0 is still an
A record and, hence, it gets blocked. Think also about other blocking modes Pi-hole offers, say IP blocking. They may even server a real IP address like
192.168.0.10. Hence, we should exclude this domain from being added to gravity. Because it is the simplest, fastest and most reliable way to achieve what we want.
In the end, it is about us wanting that Pi-hole works out of the box with Firefox. It is not Firefox wanting to work best with Pi-hole. So they will not become active but we should.