I've seen the writing on the wall, and while for now you can configure Firefox [1] not to use DoH (DNS Over HyperText Transport Protocol Secure version 2), I'm not confident enough to think it will remain that way. To that end, I've finally set up my own DoH server for use at Chez Boca. It only involved setting up my own CA (Certificate Authority) to generate the appropriate certificates, installing my CA certificate into Firefox, configuring Apache [2] to run over HTTP/2 (**THANK YOU SO VERY XXXXXXX MUCH GOOGLE FOR SHOVING THIS HTTP/2 XXXXXXXX DOWN OUR THROATS!**—no, I'm not bitter) and writing a 150-line script [3] that just queries my own local DNS (Domain Name Service), because, you know, it's more XXXXXXX secure or some XXXXXXXX reason like that.
Sigh.
And then I had to reconfigure Firefox using the “advanced configuration page [4]” to tweak the following:

Table: Firefox configuration for DoH

| variable | value |
|---|---|
| network.trr.allow-rfc1918 | true |
| network.trr.blacklist-duration | 0 |
| network.trr.bootstrapAddress | 192.168.1.10 |
| network.trr.confirmationNS | skip |
| network.trr.custom_uri | https://playground.local/cgi-bin/dns.cgi |
| network.trr.excluded-domains | |
| network.trr.max-fails | 15 |
| network.trr.mode | 3 |
| network.trr.request-timeout | 3000 |
| network.trr.resolvers | 192.168.1.10 |
| network.trr.uri | https://playground.local/cgi-bin/dns.cgi |

I set network.trr.mode to “3” instead of “2” because it's coming. I know it's just coming so I might as well get ahead of the curve.
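
For readers who want to see what a CGI endpoint such as the `dns.cgi` configured above has to do, here is a sketch of an RFC 8484 relay in Python. It is an added example, not the script linked at [3]; the resolver address `127.0.0.1:53` and the function names are assumptions.

```python
import base64
import os
import socket
import sys
from urllib.parse import parse_qs

RESOLVER = ("127.0.0.1", 53)  # assumption: the local resolver's address
MAX_MSG = 65535               # largest possible DNS message

def extract_query(method, query_string, content_type, body):
    """Return the DNS wire-format query from a DoH request (ValueError if bad)."""
    if method == "GET":
        vals = parse_qs(query_string).get("dns")
        if not vals:
            raise ValueError("missing dns parameter")
        # RFC 8484 strips base64url padding; restore it before decoding.
        msg = base64.urlsafe_b64decode(vals[0] + "=" * (-len(vals[0]) % 4))
    elif method == "POST":
        if content_type != "application/dns-message":
            raise ValueError("unsupported media type")
        msg = body
    else:
        raise ValueError("unsupported method")
    if not 12 <= len(msg) <= MAX_MSG:  # a DNS header alone is 12 bytes
        raise ValueError("bad DNS message length")
    return msg

def forward(msg, resolver=RESOLVER, timeout=3.0):
    """Relay the query to the resolver over UDP and return its answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(msg, resolver)
        answer, _ = s.recvfrom(MAX_MSG)
    if answer[:2] != msg[:2]:  # transaction ID must match the query
        raise ValueError("mismatched DNS ID")
    return answer

def main():
    env = os.environ
    try:
        length = min(int(env.get("CONTENT_LENGTH") or 0), MAX_MSG)
        query = extract_query(env.get("REQUEST_METHOD", ""), env.get("QUERY_STRING", ""),
                              env.get("CONTENT_TYPE", ""), sys.stdin.buffer.read(length))
        out = b"Content-Type: application/dns-message\r\n\r\n" + forward(query)
    except (ValueError, OSError):
        out = b"Status: 400 Bad Request\r\n\r\n"
    sys.stdout.buffer.write(out)

if __name__ == "__main__":
    main()
```

This relay speaks UDP only, so an answer that comes back with the truncation (TC) bit set is passed through as-is; a fuller version would retry that query over TCP.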