Firefox 77.0.1 released to prevent DDoSing DoH DNS providers



Mozilla just released Firefox 77.0.1 to stop the browser from DDoSing DNS over HTTPS (DoH) providers, which were being selected automatically during a test run ahead of a wider deployment of the standard.


"Disabled automatic selection of DNS over HTTPS providers during a test to enable wider deployment in a more controlled way," the Firefox 77.0.1 release notes explain.


"We need to be able to roll this out gradually so that we don't overload any providers," Senior Software Engineer Nihanth Subramanya said on Mozilla's bug tracker.


"Even the dry-run involves up to 10 requests per client which can be very significant when the entire release population updates."



According to the user impact details included with the Beta/Release Uplift Approval Request for the 'Pref-off automatic TRR-selection by default' feature, "[t]his prefs-off a feature that seems to be effectively DDoS'ing NextDNS, one of our DNS over HTTPs providers."


Firefox DoH rollout


DNS over HTTPS is a new standard that enables web browsers to perform DNS resolution over encrypted HTTPS connections instead of using normal plain text DNS lookups.


Mozilla announced in September 2019 that it would enable DoH by default in the Firefox browser, using Cloudflare's DNS service as the default DoH provider, which led to concerns about Firefox users' data being controlled by a single company.

