In the next Firefox, Cloudflare is expected to be available as a DNS inquiry destination

by Jake Blucker

In " Firefox 62 " scheduled to be released in September 2018, DNS over HTTPS (DoH) and Trusted Recursive Resolver (TRR) are introduced, and DNS inquiries are sent to Cloudflare, which provides content delivery network service It seems to be able to do it. If it is implemented, DNS blocking can be avoided, but on the other hand it is also pointed out that it has hazards.

ungleich Blog - Mozilla's new DNS resolution is dangerous
https://blog.ungleich.ch/en-us/cms/blog/2018/08/04/mozillas-new-dns-resolution-is-dangerous/

Improving DNS Privacy in Firefox - Firefox Nightly News
https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/

"DNS" stands for "domain name system". Internet connection is done by specifying the IP address of the other party, but it is hard to manage 3 digit number x 4 block IP address, so it is difficult to remember the domain name ("gigazine.net" or "yahoo. It is a system that manages and operates so that it can be connected with).

DNS has a root server at the top level, and a hierarchical structure under it is a server that manages each domain. Communication from the user is first sent to the inquiry server where the IP address of the root server is recorded, and the IP address is sequentially inquired from there.

Firefox 62 allows you to query this IP address for Cloudflare. In the United States, in December 2017 the "net neutrality" regulation was abolished , there was concern that the interaction with the DNS server was a plain text, and there was an opinion that encryption by DoH was necessary.

In the blog "Let's be a hybrid route", the objective of this measure is to " eliminate such influence", such as "It is a country that monitors DNS history " or "There is a country that is interfacing with DNS for Web censorship including Japan" Wow "is expected.

Cloudflare has just begun offering the DNS service "1.1.1.1", which focused on privacy in April 2018.

However, even in " ungleich " or "let's be on a hybrid route", Cloudflare is only one company in the US, the possibility that the company's policy changes and the manner of handling information changes, and information agencies such as NSA and CIA Pointed out the dangers of having backdoors.

In addition, unlike the indication in ungleich, it seems that it is necessary to turn on from "about: config", in fact it is off by default that the setting to do DNS query to Cloudflare is turned off by default.