Firefox 76 DOH - network.trr.mode 3 no longer works?

I have not been able to get network.trr.mode 3 working since the last FF update to version 76. My settings are as follows:
network.trr.mode = 3
network.trr.custom_uri = https://mozilla.cloudflare-dns.com/dns-query
network.trr.bootstrapAddress - 1.1.1.1

same setting as i have always had working NP but version 76 will not allow trr mode 3. I even did a complete OS rebuild with FF 76 with these settings and it still does not work. Only trr mode 2 will work and Cloudflare ESNI checking tool confirmes nothing is working.

Is there some new requirement for FF ver 76 to get mode ‘3’ working?
Thanks.

What does that exactly mean?

I just tried it on Firefox and DoH seemed to work fine.
The actual URL is saved under network.trr.uri. Is that field correct?

Did you already ask in Mozilla’s forums?

The option 3 requires DOH whereas option 2 allows fallback to non-DOH DNS queries - the way I understand it anyways. Yes, I used that field you state “network.trr.uri” for the cloudflare server. I have not tried the Mozzilla Forum yet but will I suppose.

I know what 3 does. My question was aimed at “not allow”. What happens?

Mozilla should be your primary contact in this case. For me it still works.

Sandro, sorry I was slow to respond - the notice was in my junk folder of course. Anyhow, i uploaded a screen shot - basically no internet connection. I tried Mozilla as well and no luck so far. Given it works for others then perhaps I have a Gateway issue preventing this or something. Very off as all was working before FF 76 and again I’m having this issue on all my machines.

What did Mozilla say?

What does this return?

powershell "(Invoke-WebRequest -UseBasicParsing -Uri 'https://mozilla.cloudflare-dns.com/dns-query?name=cloudflare.com' -Headers @{'Accept' = 'application/dns-json'}).RawContent"

But, again, for me it works, so I’d assume it is a local issue.

Mozilla suggested I look in the Browser Console which is new for me so I’ll give it a shot and update once i figure that out.

Your Powershell command produced the following:
Invoke-WebRequest : The underlying connection was closed: An unexpected error occurred on a send.
At line:1 char:2

• (Invoke-WebRequest -UseBasicParsing -Uri 'https://mozilla.cloudflare- …

•  + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
   + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
  
  

No idea what that output means but it does not sound good ???

Thats not an issue with DoH however, for some reason your Windows setup couldnt run the command.

I’d try with a fresh browser profile, the issue should neither be Firefox nor Cloudflare related.

Alternatively, whats the output of https://mozilla.cloudflare-dns.com/dns-query?ct=application/dns-json&name=cloudflare.com?

Below is the output - certificate error and the reference to “untangle” which is my security gateway / router. Seems like my Gateway has the certificate and not the Browser or something. Thoughts?

Output:
Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for mozilla.cloudflare-dns.com. The certificate is only valid for untangle.example.com.

Error code: SEC_ERROR_UNKNOWN_ISSUER

Seems as if your router hijacked the address.

I figured it out finally and thought I would report back to close the loop. My Gateway has a feature called Web Filter and I had a block-session turned on for “Proxy Avoidance and Anonymizers”. I saw the blocked traffic in the reports. Once I turned off the blocker, all was good. I’m still not sure why this issue only arose when upgrading to FF 76 but anyhow. Apologize for the confusion and thanks for your help.

This topic was automatically closed after 30 days. New replies are no longer allowed.