Pete Freitag

Firefox Hosts File Not Working?

web

I'm probably not the first one to notice this, but if you have a hosts file (e.g. /etc/hosts or c:\windows\system32\drivers\etc\hosts on Windows) you might find that recent versions of Firefox will ignore it. When I encountered this, my guess was that it was caused by Firefox enabling DNS over HTTPS by default.

And it turns out that you can work around this issue by disabling DNS over HTTPS in Firefox.

How to Disable DNS over HTTPS in Firefox

  • Open Firefox Settings
  • Open Network Settings (at the bottom of the General tab, or just type dns in the search box)
  • Uncheck the Enable DNS over HTTPS checkbox

After making this change, the DNS names in your hosts file should resolve properly.

What are the implications of disabling DNS over HTTPS?

With DNS over HTTPS enabled, Firefox does not use the DNS server that your operating system / network settings provide; it makes an HTTPS request to a DNS server instead. By default it routes these requests to Cloudflare DNS (via https://1.1.1.1/dns-query). This has some pros and cons.

What is good about DNS over HTTPS? Well, your DNS traffic is not usually encrypted by default, so that means that your ISP can and probably does log and sell the DNS request history to third parties. With this data the ISP could know what websites you request. The ISP could also learn this from the network traffic based upon which IPs you are connecting to, but the DNS data may be richer. With DNS over HTTPS the host name that you are requesting is encrypted in the HTTPS request, so now only the endpoint server (for example Cloudflare DNS) would have access to the host names you are visiting. According to Cloudflare, "Unlike most DNS resolvers, 1.1.1.1 does not sell user data to advertisers."

The cons of DNS over HTTPS: if you are on a corporate network you may run into similar issues when there are DNS records that only resolve through your own DNS server. You might also have a DNS server you want to use for blocking / filtering purposes, and the DNS over HTTPS setting would bypass that protection. These cases are less common, so enabling DNS over HTTPS is generally a good default.

Example DNS Over HTTPS Query

Here's how you can make a DNS over HTTPS query using curl from the command line:

curl --http2 -H 'accept: application/dns-json' 'https://1.1.1.1/dns-query?name=firefox.com'

And that will return with something like this:

{
  "Status": 0,
  "TC": false,
  "RD": true,
  "RA": true,
  "AD": false,
  "CD": false,
  "Question": [
    {
      "name": "firefox.com",
      "type": 1
    }
  ],
  "Answer": [
    {
      "name": "firefox.com",
      "type": 1,
      "TTL": 296,
      "data": "44.236.72.93"
    }
  ]
}
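To see whether a hosts-file entry is one that a DoH-enabled browser would miss, this added example (not code from the original post) parses hosts-file text and a dns-json response like the one above and reports when the two disagree. The hosts entries, the 10.0.0.5 address and the function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed hosts-file content (sample data, not from the post).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
10.0.0.5    firefox.com www.firefox.com  # constructed internal address
not-an-ip   broken.example
"""
# The dns-json answer shown in the post, reduced to the fields used here.
SAMPLE_DOH = """{"Status": 0,
 "Question": [{"name": "firefox.com", "type": 1}],
 "Answer": [{"name": "firefox.com", "type": 1, "TTL": 296, "data": "44.236.72.93"}]}"""
A, AAAA = 1, 28  # DNS record types that carry an address

def parse_hosts(text):
    """Map each lower-cased hostname to the set of addresses the hosts file gives it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address: skip the line
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), set()).add(addr)
    return table

def doh_answer(body):
    """Return (queried name, set of A/AAAA addresses) from a dns-json response body."""
    msg = json.loads(body)
    name = msg["Question"][0]["name"].lower().rstrip(".")
    if msg.get("Status") != 0:  # non-zero status (e.g. NXDOMAIN): no addresses
        return name, set()
    return name, {str(ipaddress.ip_address(a["data"]))
                  for a in msg.get("Answer", []) if a.get("type") in (A, AAAA)}

def compare(hosts_text, doh_body):
    """Report whether the hosts file and the DoH resolver disagree about a name."""
    name, remote = doh_answer(doh_body)
    local = parse_hosts(hosts_text).get(name, set())
    return {"name": name, "hosts": sorted(local), "doh": sorted(remote),
            "differs": bool(local) and local != remote}

if __name__ == "__main__":
    print(compare(SAMPLE_HOSTS, SAMPLE_DOH))
```

The same functions accept the contents of a real hosts file and the body returned by the curl command above.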


Firefox Hosts File Not Working? was first published on July 13, 2022.


Comments

I couldn't get the sample CURL to work with the single quotes when using CURL on Windows. (I had to use double quotes.) 1.1.1.1 also wasn't responding. This worked though:

curl -H "accept: application/dns-json" "https://cloudflare-dns.com/dns-query?name=firefox.com&type=A"
by James Moberg on 07/15/2022 at 10:18:29 PM UTC

Thanks James - my example was run on Mac, so I appreciate you adding some Windows tips. Not sure why 1.1.1.1 wouldn't be responding though, perhaps your ISP blocks it?
by Pete Freitag on 08/31/2022 at 1:48:10 PM UTC
