Open Bug 1891381 Opened 2 months ago Updated 2 months ago

Option to remove DNS over HTTPS bypass on filtered results (children protection)

Categories

(Core :: Networking: DNS, enhancement, P3)

Product:
Core
Component:
Networking: DNS
Type:
enhancement

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: info, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged])

Attachments

(1 file)

DNS.zip
622.30 KB, application/zip
Details
Attached file DNS.zip

Steps to reproduce:

DNS over HTTPS is very practical.
But when it's for a child to avoid inadvertently visiting a porn site, it's no good with Firefox.

Actual results:

Just click on a button... and you're on the porn site.

Expected results:

There should be an additional option to block bypassing.
In fact, a fifth option.

A demonstration is included in the ZIP file with several screenshots.

The Bugbug bot thinks this bug should belong to the 'Core::Networking: DNS' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Networking: DNS
Product: Firefox → Core
Severity: -- → N/A
Priority: -- → P2
Whiteboard: [necko-triaged][necko-priority-new]

DoH was not designed as a DNS-filtering tool (though dns0.eu suggests using it for that). We don't know if the DNS provider filtered it (dns0.eu doesn't implement Extended DNS Errors - https://datatracker.ietf.org/doc/html/rfc8914), or there was some other problem with the DoH provider.

You can turn off DoH, and set the system DNS to kids.dns0.eu. Then Firefox won't show a button to bypass. Note that they could turn on DoH in settings and point it at some other DoH provider and bypass the system setting.

Changing the title to better capture the request

Summary: DNS over HTTPS / children protection → Option to remove DNS over HTTPS bypass on filtered results (children protection)

Thank you for changing the title.

I'm familiar with the fact that DNS can be changed at different levels (browser, ISP, computer, etc.).
https://linuxfr.org/nodes/134225/comments/1944927

Compared to Chromium, it's to have something simple.
And when you use an anti-malware DNS, it's also to have something efficient.

Blocks: doh
Priority: P2 → P3
Whiteboard: [necko-triaged][necko-priority-new] → [necko-triaged]

Excuse me, but I'd like to remind you that this problem also concerns providers of this kind of service (for example):
https://www.quad9.net https://www.dns0.eu/zero https://one.one.one.one/family/ https://dnsforge.de https://dns.yandex.com and https://www.cira.ca/en/canadian-shield/

Therefore, lowering the priority is not a good idea for the protection against viruses and phishing.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: