[Tails-dev] Configure TBB to use Hidden TRR DNS

Nachricht löschen

Nachricht beantworten
Autor: Sephula
Datum:  
To: tails-dev
Betreff: [Tails-dev] Configure TBB to use Hidden TRR DNS
Hello Team,

    Recently, Mozilla added Trusted Recursive Resolver capabilities into
Firefox 62, which is the version the current Tor Browser is based on. 
This means it's now possible to use DNS over HTTPS.  Also, Clouflare is
now running a hidden service DNS resolver with the TRR and DoH
capability.  This means that users of Tor Browser can configure Firefox
to send DNS to an encrypted server within the Tor Network to prevent
attacks from rogue exit nodes.  I've tested this, and it does work.  In
fact, browsing is even faster, since DNS queries are not having to route
outside of Tor.

    It's easy to activate the feature by changing only two values in
about:config.  You only need to set the value for "network.trr.mode" to
"2" (with fallback) or "3" (TRR only), and the value of
"network.trr.uri" to
"https://dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion/".

    Below are some announcements, with instructions on how to enable the
feature.

Mozilla adds TRR to Firefox (available in stable branch since version 62):

https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/

Instructions on how to enable it:

https://wiki.mozilla.org/Trusted_Recursive_Resolver

Clouflare introduces their hidden resolver:

https://blog.cloudflare.com/welcome-hidden-resolver/

     Is there any reason why this wouldn't be safe to use with TAILS or
Tor Browser?  If not, then why not add it by default?  I noticed a
significant improvement in browsing speed, even though the added
protection is already enough of a reason.

Thanks,

Chad