Trusted Recursive Resolver: Difference between revisions

Trusted Recursive Resolver (view source)

Revision as of 20:30, 7 October 2019

203 bytes added , 7 October 2019

Updated request timeout prefs. Updated notes on DNS enhanced services (rfc1918 is not allowed by default - see pref), botnets are not affected by TRR.

Valentin.gosu

Confirmed users

92

edits

@@ Line 59: / Line 59: @@
 Entries are added to the TRR blacklist when the resolution fails with TRR but works with the native resolver, or if the subsequent connection with a TRR resolved host name fails but works with a retry that is resolved natively. When a hostname is added to the TRR, its domain gets checked in the background to see if the whole domain should be blacklisted to ensure a smoother ride going forward.
-=== network.trr.request-timeout ===
+=== network.trr.request_timeout_ms ===
-(default: 3000) is the number of milliseconds a request and the corresponding response from the DoH server is allowed to take until considered failed and discarded.
+(default: 1500) is the number of milliseconds a request and the corresponding response from the DoH server is allowed to take until considered failed and discarded.
+=== network.trr.request_timeout_mode_trronly_ms ===
+(default: 30000) is the number of milliseconds a request and the corresponding response from the DoH server is allowed to take until considered failed and discarded in TRR-only mode.
 === network.trr.early-AAAA ===
@@ Line 100: / Line 104: @@
 to "example.com".
-== Gotchas ==
+== Notes ==
+=== DNS ===
-=== Security ===
+TRR bypasses system DNS so you might not be using any 'enhanced' DNS services provided by your default DNS server which may include Web Content Filtering or basic Malware Protection, phishing protection.
-Warning: if you were relying on an 'enhanced' DNS service for Web Content Filtering or basic Malware/Botnet Protection, phishing protection, or RFC 1918 filtering, you won't be using it anymore (at least in Firefox) if you enable TRR.
 == See also ==