1

Unable to whitelist Firefox canary domain

Good day, I noticed that if I whitelist use-application-dns.net the domain is still blocked. I also noticed that it isn't displaying its blocked reason such as Blocked by Bypass Methods. It is whitelisted but still returning an NXDOMAIN.

Another technical matter, I also added this domain to dns rewrite. This is also being ignored.

This may be related to something else posted on the forum 3 years ago.

As for the technical reason I needed these functions. There is none. I was trying to see what breaks when I mess with it. So this isn't a pressing issue.

Thanks for your time and effort!

3 replies

null
    • Calvin_Hobbes
    • 2 wk ago
    • Reported - view

    I checked it out and it’s blocked for me, but the log gives a reason of “Manually Denied” and I have attached a screenshot.

    I have never encountered that reason before.   It’s not an entry in my Block list.

    Adding the entry to Allow list doesn’t seem to help either.

    However, with NextDNS disabled, entering the FQDN into the address bar of a web browser brings up this page which might explain what’s going on.

    https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet

    I can’t say I understand the explanation but it seems to be relevant.  

    • Calvin_Hobbes
    • 2 wk ago
    • Reported - view

    This article from 2020 specifically mentions NextDNS as participating in the Canary domain TRR

    https://blog.technitium.com/2020/07/how-to-disable-firefox-dns-over-https.html

    What is TRR? https://blog.technitium.com/2020/07/how-to-disable-firefox-dns-over-https.html
     

    I believe this whole thing about a canary domain was used in the early days of DOH as a way to signal to web browsers that they should NOT use DOH and fall back to plain old dns over UDP port 53.  Or something like that.  I don’t know really.   Until now I had never heard of this 

    • IAmRPDev
    • 11 days ago
    • Reported - view

    You are correct it says manually denied, I had an extension enable that was blocking the reason initially. Everything else still stands. Its not in my blocklist, it ignores whitelist, and it seems to be outside the scope of any category, such as bypass methods.

    Not that I would allow the domain anyways. I just happened to notice it while I was watching the logs. What I also find interesting is with Firefox's DNS disabled/off it still reaches out to this domain.

Content aside

  • 1 Likes
  • 10 days agoLast active
  • 3Replies
  • 29Views
  • 2 Following