[Android] Disabling DoH And ODoH Still Allows Traffic To Dooh.waterfox.net

by ADMIN 75 views

Android] Disabling DoH and ODoH still allows traffic to dooh.waterfox.net

As a user of Waterfox on Android, you may have come across the option to disable DNS over HTTPS (DoH) and Oblivious DoH. However, despite disabling both features, you may still notice that your DNS traffic is being sent to dooh.waterfox.net. This can be a concern for users who rely on local DNS-level filtering, such as those using a Pi-hole setup. In this article, we will explore this issue and provide steps to reproduce it.

Disabling both DNS over HTTPS and Oblivious DoH in Waterfox (Android) has no effect. Even after toggling both off and restarting the app, Waterfox continues to make DNS queries to dooh.waterfox.net. This causes all DNS traffic to bypass your Pi-hole (v6) setup and defeats local DNS-level filtering.

To reproduce this issue, follow these steps:

  1. Open Waterfox settings: Open the Waterfox app and navigate to the settings menu.
  2. Disable both "DNS over HTTPS" and "Oblivious DoH": Toggle both options off to disable DoH and ODoH.
  3. Restart the browser: Restart the Waterfox app to ensure that the changes take effect.
  4. Monitor DNS traffic using Pi-hole: Use your Pi-hole setup to monitor the DNS traffic coming from your device.
  5. Observe continued requests to dooh.waterfox.net: Check the Pi-hole logs to see that Waterfox is still making DNS queries to dooh.waterfox.net.

With both options disabled, Waterfox should use the system DNS resolver only. This means that all DNS traffic should be sent to the system's DNS resolver, bypassing the Waterfox DNS resolver and dooh.waterfox.net.

The following environment was used to reproduce this issue:

  • Waterfox: 1.0.13 (Build #2025131905)
  • OS: Android 15
  • Pi-hole: v6

This issue is reproducible on Waterfox for Android, but not on Mozilla Firefox.

The version of Waterfox used to reproduce this issue is 1.0.13 (Build #2025131905).

This issue is being seen on Android.

# No relevant log output is available at this time.

This issue may be caused by hidden fallback behavior or a bug in the preference handling. Further investigation is needed to determine the root cause of this issue.

Disabling DoH and ODoH in Waterfox (Android) does not prevent DNS traffic from being sent to dooh.waterfox.net. This can cause DNS traffic to bypass local DNS-level filtering, such as that provided by a Pi-hole setup. To reproduce this issue, follow the steps outlined above. Further investigation is needed to determine the root cause of this issue and to resolve it.

If you are experiencing this issue, we recommend the following:

  • Use a different DNS resolver: Consider using a different DNS resolver that does not have this issue.
  • Monitor DNS traffic: Use a tool like Pi-hole to monitor your DNS traffic and detect any issues.
  • Report the issue: Report this issue to the Waterfox development team to help them identify and resolve the problem.

We will continue to investigate this issue and provide updates as more information becomes available. In the meantime, we recommend that users take the steps outlined above to mitigate the issue.
Q&A: Disabling DoH and ODoH still allows traffic to dooh.waterfox.net

In our previous article, we explored the issue of disabling DNS over HTTPS (DoH) and Oblivious DoH in Waterfox (Android) still allowing traffic to dooh.waterfox.net. This can cause DNS traffic to bypass local DNS-level filtering, such as that provided by a Pi-hole setup. In this article, we will answer some frequently asked questions (FAQs) about this issue.

A: The cause of this issue is not yet fully understood. It may be related to hidden fallback behavior or a bug in the preference handling. Further investigation is needed to determine the root cause of this issue.

A: No, this issue is not specific to Waterfox. However, it is currently being seen on Waterfox for Android, but not on Mozilla Firefox.

A: Yes, you can disable DoH and ODoH on your device. However, as we have seen, disabling both features does not prevent DNS traffic from being sent to dooh.waterfox.net.

A: You can use a tool like Pi-hole to monitor your DNS traffic. Pi-hole is a free, open-source DNS logging and blocking tool that can help you detect and block malicious DNS requests.

A: The implications of this issue are that DNS traffic may bypass local DNS-level filtering, such as that provided by a Pi-hole setup. This can allow malicious DNS requests to be sent to the internet, potentially compromising your device's security.

A: Yes, you can report this issue to the Waterfox development team. We recommend that you provide as much detail as possible, including the steps you took to reproduce the issue and any relevant log output.

A: To mitigate this issue, we recommend that you:

  • Use a different DNS resolver that does not have this issue.
  • Monitor your DNS traffic using a tool like Pi-hole.
  • Report the issue to the Waterfox development team.

A: We do not know for certain whether this issue will be fixed in a future update. However, we recommend that you continue to monitor the issue and report any further problems to the Waterfox development team.

Disabling DoH and ODoH in Waterfox (Android) still allows traffic to dooh.waterfox.net. This can cause DNS traffic to bypass local DNS-level filtering, such as that provided by a Pi-hole setup. We hope that this Q&A article has provided you with a better understanding of the issue and its implications. If you have any further questions, please do not hesitate to contact us.