Firefox's DNS settings

Managing Firefox's DNS settings rather than them controlling you.

Firefox does a few things intending to make your browsing experience better, but this isn't without its own issues.  This article is about the things Firefox does with DNS, some of the issues with what they do, and how to manage some of it. Some basic understanding of DNS required.

Firefox for starters, adds its own level of DNS that it even exists makes life more challenging to troubleshoot problems:

• It has its own layer of cache that, by default, remembers a given DNS lookup for 60 seconds. Clearing your host's DNS cache does not clear this one, and I've seen it remember failures, which is the straw that pushed me to learn all of this.

• It looks up all the links on a page when you load the page. So if a page has many links like I have in my bookmark pages or my client site admin pages, then it actually slows things down in addition to effectively advertising what page you were on to whoever might be watching DNS traffic.  Never mind all the additional traffic/packets to sieve through when troubleshooting.

Recently, Mozilla has added a new feature that will tunnel the DNS traffic over HTTPS through to their own DNS servers, aka DoH.  While good to protect the otherwise easy to read DNS traffic from prying eyes, it does mean that Mozilla/Cloudflare gets to see all your browsing DNS traffic.  Cloudflare is the current provider of this service for Firefox, and it is a changeable setting.  This makes it a question of which do you trust more, your local DNS path or Mozilla/Cloudflare?  Mozilla's stated intention is to have DoH be the default in the future, and they are 'just testing,' and now they are giving unsure messages of it given the push-back. ZDNet article on the downsides of DoH.  A way of blocking Firefox DoH

To see and possibly edit the settings for these, we need to get under the hood where we can do damage if we fumble finger anything.  So the first thing you want to do is backup your Firefox profile.  You can (and should periodically do) backup the entire profile as per Mozilla Support.

•  I make a point of clearing my Firefox cache beforehand to keep the backup size manageable.
• The file that gets touched in the following is the prefs.js, so making multiple copies of this as you edit your settings is a good thing.

Steps to see/edit Firefox DNS configuration:

• Type "about:config" in Firefox's address bar and press the Enter key.  
• Accept the warning/risk and be very careful here.
• On older Firefox (or newer after clicking on "Show All") : Scroll down to the network.dns....  selections about 3/4 the way down,  where a capital 'I' is ahead of the lowercase 'd' (ASCII sort rather than alphabetic sort)
• On Firefox starting with version 71 you get a prompt where you enter 'dns' for one set of below and then replace with 'trr' for the rest.

The settings of note are:
network.dns.disablePrefetch
   I set this to true as it doesn't make much sense for my use having FF go and look up all the things on the pages when I only go to one of them at a time.

network.dnsCacheExpiration
network.dnsCacheEntries
network.dnsCacheExpirationGracePeriod
   Setting either expiration or entries to '0' (zero) stops Firefox from caching DNS entries, leaving that up to your OS and upstream DNS server(s). Setting all three to '0' (zero) makes sure Firefox's cache is not being used.

network.trr.mode 0
network.trr.uri https://mozilla.cloudflare-dns.com/dns-query
   This is for the DNS over HTTPS, where the mode is a 0 or 5 has it disabled, and the URI is where it goes for content.     For more about this setting or the easier/safer way to set them


Any changes appear to be immediate, so just close you're about:config tab and proceed as per normal. Some browsing may be faster; some may be slower, but either way, you are that much more in control of your surfing.

Update 2019-12-15  After first writing this, Firefox made some nice changes with version 71 on how the about:config page works and this is now included.   Further reading on the (Anti-)Competitive and Network Neutrality aspects of DoH that shows how for most of us DoH is more pain than gain with out much of the touted benefit.

iTech

iTech is an IT conference that is held twice a year in Toronto. The spring show is held up near the airport, and the fall show is help in downtown Toronto. There are benefits of both of the show, and there are different vendors at both of the shows. This year there was a change, and we feel it didn’t go as well as it could have.

The spring show this year decided to charge for people to attend which is something they hadn’t done in the past. An initial email was sent out to past attendee, and you didn’t have to pay if you signed up by a given date which didn’t look too bad. After that time the cost was $20 and that included lunch, prize draws, and a reception at the end of the event. After a certain time, the price would then go up to $40 with the final price being $50 at the door.

We didn’t think the $20 would be a bad price and even $40 or $50 weren’t too bad considering the show and what you could get out of the overall show. What started to get frustrating was the number of discount offers that offered after the $40 time was reached. Most of the time if you were receiving emails from iTech you’d get a discount code taking the price back down to $20. What got me was even the day of the show there was a discount coupon so that even if you decided last minute to go to the show, it was still $20 at the door. If you were going to give the discount why not just keep the price at $20 and not do the roller coaster of the pricing. For someone that might have paid the higher price, it would have been extremely frustrating to know that someone walking up could have got a lower price just by simply being on a mailing list.  What would have made more sense was for iTech to not send the discounts rather have that as an option for the vendors/sponsors to send to their lists.

There are still so many people that think being able to get into a show for free is a given. There are times when getting into some shows for free is nice but also knowing that there might be some cost is something being in business involves. A cost for a lot of business owners and employees is the time that they are losing away from the office, but there is the benefit learning what products and services they could use to solve business problems in addition to maybe making some other connections and getting other business out of the conference as well learning. Each conference will have its cost, and you will need to weigh the benefits of them to ensure you are getting what you want out of the event.

For iTech, the biggest benefit for us is to see what is new in the industry and to meet up with some of the vendors that we have seen in the past to hear what is new. There are sessions offered, and they vary in level from the very basic to more technical, and you have to read the descriptions to ensure that the session is what you want.

iTech can be a good day of networking, and it is something that you need to understand when you go to it. Just thinking that you will have a lot of taking a-ways isn’t something that you are going to have. We have found some years we get a couple of good ideas and other years we may not get a lot of details, but we have seen what is new in the industry as well as reconnect with people that we know to maintain those connections.

Our overall review of iTech this spring is the price roller coaster was a bit frustrating and may have impacted how people registered for the event. The number of vendors/sponsors were lower this year as well, and that might have also impacted attendance. There were a few people that said they wouldn’t pay $20 to attend the show even if they got lunch after going to the event for years and not having to pay at all.

Why we are here

Konecny Consulting's purpose is to help bring out the best in our customers.

This blog is to explore and share some of our observations, findings and views about the industry.  We hope to be able to show some of what we see at the various events and the industry as a whole.

Our posting will be as things happen rather than to a fixed schedule, so please subscribe to the available options so you will be notified when there are new posts.