Additional value for TRR to "...disable DoH under all circumstances."

[grauenwolfe]

Read this link from r/firefox earlier today Mozilla's new DNS resolution is dangerous and noticed a bit of extra info not found in our user.js. Currently, 0707: disable (or setup) DNS-over-HTTPS lists 0 as "off". This Mozilla page suggests a value of 5 to "disable DoH under all circumstances."

Note: Blog is for Nightly so it's subject to change at any time but probably worth keeping an eye on.

Item 3 at the bottom of the page:

3] Change network.trr.mode to 2 to enable DoH. This will try and use DoH but will fallback to insecure > DNS under some circumstances like captive portals. (Use mode 5 to disable DoH under all
circumstances.)

[claustromaniac]

Related https://gist.github.com/bagder/5e29101079e9ac78920ba2fc718aceec

5 - Off by choice This is the same as 0 but marks it as done by choice and not done by default.

Not sure what's the difference, though.

Nice tip for checking whether it is active or inactive:

Go to about:networking, click the DNS link in the left-side menu. That shows the contents of the in-memory DNS cache. The TRR column says "true" for host names that were resolved using TRR (DNS-over-HTTPS).

[earthlng]

value 5 was added in 61. It seems to be only used for telemetry purposes though. No need to change it IMO

[grauenwolfe]

Just following up. Seems a lot of aritcles appeared within hours of posting this.

If, and I doubt they will, ever flip DoH on, we can always revisit the values

Sounds good to me.