* * * * *
You know, we might as well just run every network service over HTTPS/2 and build another six layers on top of that to appease the OSI 7-layer burrito guys
I've seen the writing on the wall, and while for now you can configure
Firefox [1] not to use DoH (Dns Over HyperText Transport Protocol Secure
version 2), I'm not confident enough to think it will remain that way. To
that end, I've finally set up my own DoH server for use at Chez Boca. It only
involved setting up my own CA (Certificate Authority) to generate the
appropriate certificates, installing my CA certificate into Firefox, configuring
Apache [2] to run over HTTP/2 (**THANK YOU SO VERY XXXXXXX MUCH GOOGLE FOR
SHOVING THIS HTTP/2 XXXXXXXX DOWN OUR THROATS!**—no, I'm not bitter) and
writing a 150 line script [3] that just queries my own local DNS (Domain Name
Service), because, you know, it's more XXXXXXX secure or some XXXXXXXX reason
like that.
Sigh.
And then I had to reconfigure Firefox using the “advanced configuration page
[4]” to tweak the following:
Table: Firefox configuration for DoH
variable                        value
----------------------------------------------------------------------
network.trr.allow-rfc1918       true
network.trr.blacklist-duration  0
network.trr.bootstrapAddress    192.168.1.10
network.trr.confirmationNS      skip
network.trr.custom_uri          https://playground.local/cgi-bin/dns.cgi
network.trr.excluded-domains
network.trr.max-fails           15
network.trr.mode                3
network.trr.request-timeout     3000
network.trr.resolvers           192.168.1.10
network.trr.uri                 https://playground.local/cgi-bin/dns.cgi
----------------------------------------------------------------------
I set network.trr.mode to “3” instead of “2” because it's coming. I know it's
just coming so I might as well get ahead of the curve.
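For the curious, here is the shape of such a DoH front end in Python, as an added example that is not the page's dns.lua: it decodes the RFC 8484 `?dns=` parameter, refuses to relay anything that isn't a plain one-question query, and forwards the wire-format message to a local resolver. The resolver address 192.168.1.10, the sample query and the helper names are assumptions.

```python
"""Added example: a minimal RFC 8484 DoH relay to a local resolver."""
import base64
import socket
import struct

LOCAL_RESOLVER = ("192.168.1.10", 53)   # assumption: the resolver from the table above

# Constructed sample: standard query (ID 0x1234, RD set) for playground.local A IN.
SAMPLE_QUERY = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
                + b"\x0aplayground\x05local\x00" + b"\x00\x01\x00\x01")


def encode_dns_param(msg: bytes) -> str:
    """base64url without '=' padding, as a DoH GET ?dns= value is sent."""
    return base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")


def decode_dns_param(value: str) -> bytes:
    """Inverse: restore the padding the wire form omits, then decode."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


def check_query(msg: bytes) -> dict:
    """Validate the 12-byte DNS header before relaying; raise on anything odd."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    ident, flags, qd, _an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if flags & 0x8000:
        raise ValueError("QR=1: this is a response, not a query")
    if (flags >> 11) & 0xF != 0 or qd != 1:
        raise ValueError("only standard queries with one question are relayed")
    return {"id": ident, "rd": bool(flags & 0x0100)}


def is_relayable(msg: bytes) -> bool:
    try:
        check_query(msg)
        return True
    except ValueError:
        return False


def relay(query: bytes, resolver=LOCAL_RESOLVER, timeout=3.0) -> bytes:
    """Forward a validated query over UDP; accept only a reply with a matching ID."""
    check_query(query)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, resolver)
        answer, _ = sock.recvfrom(4096)
    if answer[:2] != query[:2]:
        raise ValueError("transaction ID mismatch from resolver")
    return answer
```

The CGI wrapper around this reads the `dns=` value from `QUERY_STRING` (GET) or the raw POST body, calls `relay`, and prints a `Content-Type: application/dns-message` header followed by the answer bytes.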
[1] http://www.mozilla.org/
[2] https://httpd.apache.org/
[3] gopher://gopher.conman.org/0Phlog:2019/10/17/dns.lua
[4] about:config