note to self: firefox TRR policy lock locks trr.mode to 2 (TRR first)

2024-05-13 19:33:30 +03:00 · 2024-05-13 19:33:30 +03:00 · 0a0fe39076
parent 95d59857eb
commit 0a0fe39076
2 changed files with 9 additions and 1 deletions
--- a/conf/librewolf.overrides.cfg
+++ b/conf/librewolf.overrides.cfg
@ -108,7 +108,9 @@ pref("network.IDN_show_punycode", true);
 pref("reader.parse-on-load.force-enabled", true);

 // TRR & ECH
-// Mode 2 allows fallback to system resolver, 3 is TTR-only
+// WARNING: policies.json lock enforces mode 2. However it won't matter
+// since the system resolver is encrypted, right?
+// Mode 2 allows fallback to system resolver, 3 is TTR-only.
 //pref("network.trr.mode", 2);
 defaultPref("network.trr.mode", 3);
 pref("network.trr.early-AAAA", true);
--- a/etc/firefox/policies/README.md
+++ b/etc/firefox/policies/README.md
@ -13,6 +13,7 @@ per whatever I am doing.
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->

 - [WARNING TO LIBREWOLF USERS](#warning-to-librewolf-users)
+- [WARNING TO TRR/ENCRYPTED DNS USERS!](#warning-to-trrencrypted-dns-users)
 - [Extensions](#extensions)
  - [Privacy Badger](#privacy-badger)
 - [Search engines](#search-engines)
@ -28,6 +29,11 @@ This file takes priority over
 `/usr/share/librewolf/distribution/policies.json` so don't apply this or
 a lot of LibreWolf specific customizations stops being in force.

+## WARNING TO TRR/ENCRYPTED DNS USERS!
+
+If `policies.json` locks DNS over HTTPS, `trr.mode` gets locked into `2` which
+means fallback to system resolver.
+
 ## Extensions

 They are mostly self-explanatory.