
What’s Next in Making Encrypted DNS-over-HTTPS the Default - headalgorithm
https://blog.mozilla.org/futurereleases/2019/09/06/whats-next-in-making-dns-over-https-the-default/
======
core-questions
Does this mean that Firefox will essentially be bypassing my DHCP-configured
DNS servers by default (unless split-horizon gets triggered)? What if
mycompany.com is resolved internally differently than externally, a common
need when dealing with things like application gateway proxies and such? What
if I want to use a Pi-Hole or other such DNS-blackholing technology to protect
myself?

~~~
AndrewDucker
If you want to have a custom setup then nothing is stopping you from doing so,
is it?

~~~
core-questions
Perhaps not individually, but Firefox is notoriously difficult to configure
for an enterprise. Continually changing config file formats, no support for
Group Policy or any other easy centralized config management, doesn't use the
OS-wide certificate stores, etc.

Tons of behaviours that just make it a royal pain in the ass to deploy in the
corporate world, even though I do believe it's a better browser for my end-
users and for the privacy of personal and corporate data.

~~~
AndrewDucker
[https://support.mozilla.org/en-US/kb/customizing-firefox-
usi...](https://support.mozilla.org/en-US/kb/customizing-firefox-using-group-
policy-windows)

Including setting up certificates [https://support.mozilla.org/en-
US/kb/setting-certificate-aut...](https://support.mozilla.org/en-
US/kb/setting-certificate-authorities-firefox)

~~~
core-questions
Thank you kindly, that's new since the last time I looked into this in depth.
Appreciated.

