From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <gentoo-user+bounces-200585-garchives=archives.gentoo.org@lists.gentoo.org> Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 4DFE315802F for <garchives@archives.gentoo.org>; Mon, 6 Mar 2023 10:56:44 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id D8407E092A; Mon, 6 Mar 2023 10:56:39 +0000 (UTC) Received: from mail-out-auth3.hosts.co.uk (mail-out-auth3.hosts.co.uk [85.233.191.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 92187E090E for <gentoo-user@lists.gentoo.org>; Mon, 6 Mar 2023 10:56:39 +0000 (UTC) Received: from host86-157-72-214.range86-157.btcentralplus.com ([86.157.72.214] helo=[192.168.1.99]) by smtp.hosts.co.uk with esmtpa (Exim) (envelope-from <antlists@youngman.org.uk>) id 1pZ8WD-0007aZ-FM for gentoo-user@lists.gentoo.org; Mon, 06 Mar 2023 10:56:38 +0000 Message-ID: <d4b7078e-11f7-bb57-7669-e0797d24fea9@youngman.org.uk> Date: Mon, 6 Mar 2023 10:56:37 +0000 Precedence: bulk List-Post: <mailto:gentoo-user@lists.gentoo.org> List-Help: <mailto:gentoo-user+help@lists.gentoo.org> List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org> List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org> List-Id: Gentoo Linux mail <gentoo-user.gentoo.org> X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 Subject: Re: [gentoo-user] Setting a fixed nameserver for openvpn Content-Language: en-GB To: gentoo-user@lists.gentoo.org References: <ec676d91-ed7d-00c2-d6c4-f0b4f5773b62@gmail.com> <20230306080824.434db1e4@digimed.co.uk> <79619ab8-9840-667b-f398-4da04049f474@youngman.org.uk> <2137053.irdbgypaU6@lenovo.localdomain> From: Wols Lists <antlists@youngman.org.uk> In-Reply-To: <2137053.irdbgypaU6@lenovo.localdomain> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Archives-Salt: 404fc47b-95fe-4305-a8a1-92c3da6d36ee X-Archives-Hash: 9ed01bfad6b7b26b865d72936c81976b On 06/03/2023 10:06, Michael wrote: > On Monday, 6 March 2023 08:24:35 GMT Wols Lists wrote: >> On 06/03/2023 08:08, Neil Bothwick wrote: >>> On Mon, 6 Mar 2023 07:54:51 +0000, Wols Lists wrote: >>>> There's another file - can't remember its name - that tells your >>>> resolver what to try in what order - the hosts file, dns, what dhcp >>>> told you, etc etc, so your resolver might not be using dns the way you >>>> think. >>> >>> Do you mean /etc/nsswitch.conf? >> >> Ah yes. Any idea why Firefox seems to ignore it? Whenever I try to >> browse to local machines in /etc/hosts, firefox gives me a google search >> page which is a bloody nuisance. If I type a VALID ADDRESS in the >> ADDRESS BAR, that's where I expect to go! Not some damn random search page! >> >> Cheers, >> Wol > > I suspect the behaviour you noticed is related to FF functionality like TRR > (Trusted Recursive Resolver) farming all your DNS queries over to the > cloudfarce honeypot. > > Have a look here if you want to disable it: > > https://wiki.archlinux.org/title/Firefox/Privacy#Disable/ > enforce_'Trusted_Recursive_Resolver' Thanks. That led me to network.trr.allow-rfc1918, which provided your name has a dot in it ! appears to resolve addresses from /etc/hosts. I guess that actually means firefox uses your local resolver first, and if it returns an rfc1918 address, will use it. Surely that should be the default! It shouldn't break a PRIVATE network in the name of security !!! Cheers, Wol