From 0a0fe3907609a38d207daa1c584d7e082608533b Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen <suomalainen+git@mikaela.info>
Date: Mon, 13 May 2024 19:33:30 +0300
Subject: [PATCH] note to self: firefox TRR policy lock locks trr.mode to 2
 (TRR first)

---
 conf/librewolf.overrides.cfg   | 4 +++-
 etc/firefox/policies/README.md | 6 ++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/conf/librewolf.overrides.cfg b/conf/librewolf.overrides.cfg
index d0ecf9aa..1e6982a9 100644
--- a/conf/librewolf.overrides.cfg
+++ b/conf/librewolf.overrides.cfg
@@ -108,7 +108,9 @@ pref("network.IDN_show_punycode", true);
 pref("reader.parse-on-load.force-enabled", true);
 
 // TRR & ECH
-// Mode 2 allows fallback to system resolver, 3 is TTR-only
+// WARNING: policies.json lock enforces mode 2. However it won't matter
+// since the system resolver is encrypted, right?
+// Mode 2 allows fallback to system resolver, 3 is TTR-only.
 //pref("network.trr.mode", 2);
 defaultPref("network.trr.mode", 3);
 pref("network.trr.early-AAAA", true);
diff --git a/etc/firefox/policies/README.md b/etc/firefox/policies/README.md
index 3e1bb023..1f137a62 100644
--- a/etc/firefox/policies/README.md
+++ b/etc/firefox/policies/README.md
@@ -13,6 +13,7 @@ per whatever I am doing.
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 
 - [WARNING TO LIBREWOLF USERS](#warning-to-librewolf-users)
+- [WARNING TO TRR/ENCRYPTED DNS USERS!](#warning-to-trrencrypted-dns-users)
 - [Extensions](#extensions)
   - [Privacy Badger](#privacy-badger)
 - [Search engines](#search-engines)
@@ -28,6 +29,11 @@ This file takes priority over
 `/usr/share/librewolf/distribution/policies.json` so don't apply this or
 a lot of LibreWolf specific customizations stops being in force.
 
+## WARNING TO TRR/ENCRYPTED DNS USERS!
+
+If `policies.json` locks DNS over HTTPS, `trr.mode` gets locked into `2` which
+means fallback to system resolver.
+
 ## Extensions
 
 They are mostly self-explanatory.