BJ Schmidt BJSchmidt

View GitHub Profile
@BJSchmidt
BJSchmidt / ssh-key-permissions.sh
Created June 8, 2020 20:05
Correct file permissions for ssh keys
# ~/.ssh itself: owner only, so no other user can list, add or replace keys
chmod 700 ~/.ssh
# these hold no secrets, but must not be writable by anyone except the owner
chmod 644 ~/.ssh/authorized_keys
chmod 644 ~/.ssh/known_hosts
chmod 644 ~/.ssh/config
# private key: owner read/write only (ssh ignores a private key that others can read)
chmod 600 ~/.ssh/id_rsa
# public keys may be world-readable
chmod 644 ~/.ssh/*.pub
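An audit script for the same modes, added here as an example and not part of the gist: it walks an ssh directory, reports every entry whose mode differs from what the chmod lines above set, and can apply the fix. The expected modes come from the gist; treating every regular file named `id_*` as a private key is an assumption that generalises the single `id_rsa` line.

```python
"""Audit (and optionally fix) the permissions in an ssh directory.

Added example, not part of the gist above: the expected modes are taken
from the gist's chmod lines; everything else is an assumption noted inline.
"""
import os
import stat
from pathlib import Path

# Expected mode per entry, relative to the ssh directory ("." is the directory).
EXPECTED_MODES = {
    ".": 0o700,
    "authorized_keys": 0o644,
    "known_hosts": 0o644,
    "config": 0o644,
}
PRIVATE_KEY_MODE = 0o600  # the gist's id_rsa line
PUBLIC_KEY_MODE = 0o644   # the gist's *.pub line


def expected_mode(rel_name, path):
    """Return the mode the gist prescribes for this entry, or None if it has no rule."""
    if rel_name in EXPECTED_MODES:
        return EXPECTED_MODES[rel_name]
    if path.is_file() and path.suffix == ".pub":
        return PUBLIC_KEY_MODE
    # Assumption (generalises the gist's single id_rsa line): any other regular
    # file named id_* is a private key and gets the private-key mode.
    if path.is_file() and path.name.startswith("id_"):
        return PRIVATE_KEY_MODE
    return None


def audit(ssh_dir, fix=False):
    """Return [(entry, actual_mode, expected_mode), ...] for every mismatch.

    With fix=True each mismatch is corrected with chmod (as the gist does) and is
    still reported, so the caller sees what changed.
    """
    ssh_dir = Path(ssh_dir)
    findings = []
    for path in [ssh_dir, *sorted(ssh_dir.iterdir())]:
        if path.is_symlink():
            continue  # never chmod through a link that may point outside the directory
        rel_name = path.relative_to(ssh_dir).as_posix()
        want = expected_mode(rel_name, path)
        if want is None:
            continue
        have = stat.S_IMODE(path.lstat().st_mode)
        if have != want:
            findings.append((rel_name, have, want))
            if fix:
                os.chmod(path, want)
    return findings


if __name__ == "__main__":
    for entry, have, want in audit(Path.home() / ".ssh"):
        print(f"{entry}: mode {have:o}, expected {want:o}")
```

Run it without `fix=True` first: the report tells you which entries sshd or the ssh client would complain about (a readable-by-others private key is ignored, a writable-by-others `authorized_keys` is rejected under `StrictModes`) before anything is changed.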

You're trying to resolve a.b.c.com

  1. Case 1:
    • All subdomains of c.com share its nameserver
    • Your resolver knows about c.com's nameserver c.c.c.c
      • Without QNAME Minimization:
        1. The resolver sends a query for a.b.c.com to c.c.c.c
        2. c.com replies: yeah, that's at x.x.x.x
      • With QNAME Minimization:
        1. The resolver sends a query for b.c.com to c.c.c.c
        2. c.c.c.c replies: That's me
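The two strategies above, simulated against constructed zone data; this is an added example, not part of the gist. `CASE1` is the note's Case 1 (c.c.c.c serves c.com and everything under it). `DELEGATED` goes one step further than the note and hands b.c.com off to a second constructed server, d.d.d.d, so the log shows which names the parent server never gets to see when the resolver minimises.

```python
"""Simulate resolving a.b.c.com with and without QNAME minimisation.

Added example, not part of the gist above. The zone data is constructed:
CASE1 mirrors the note (c.c.c.c serves c.com and everything below it);
DELEGATED adds a b.c.com delegation to a second server d.d.d.d to show
what the minimising resolver hides from the parent server.
"""

# Constructed authoritative data: zone apex -> server that serves it, the
# address records it holds, and the child zones it delegates.
CASE1 = {
    "c.com": {"server": "c.c.c.c", "records": {"a.b.c.com": "x.x.x.x"}, "delegations": {}},
}
DELEGATED = {
    "c.com": {"server": "c.c.c.c", "records": {}, "delegations": {"b.c.com": "d.d.d.d"}},
    "b.c.com": {"server": "d.d.d.d", "records": {"a.b.c.com": "y.y.y.y"}, "delegations": {}},
}


def auth_reply(zones, server, qname):
    """What the authoritative server answers for qname."""
    apex = next(z for z, data in zones.items() if data["server"] == server)
    zone = zones[apex]
    if qname in zone["records"]:
        return ("answer", zone["records"][qname])
    for child, child_server in zone["delegations"].items():
        if qname == child or qname.endswith("." + child):
            return ("referral", child, child_server)
    # "That's me": the name lies in this zone but there is no record at it.
    return ("nodata",)


def resolve(zones, name, known_zone, known_server, minimize):
    """Return (queries_sent, address); queries_sent is a list of (qname, server).

    known_zone/known_server is what the resolver already has cached (the note's
    "your resolver knows about c.com's nameserver c.c.c.c").
    """
    labels = name.split(".")
    zone, server = known_zone, known_server
    queries = []
    while True:
        if minimize and zone != name:
            # RFC 7816 style: ask only for the known zone plus ONE more label.
            qname = ".".join(labels[-(len(zone.split(".")) + 1):])
        else:
            qname = name  # send the full name straight away
        queries.append((qname, server))
        reply = auth_reply(zones, server, qname)
        if reply[0] == "answer":
            return queries, reply[1]
        if reply[0] == "referral":
            zone, server = reply[1], reply[2]  # follow the delegation
        elif qname == name:
            return queries, None  # full name asked, nothing there
        else:
            zone = qname  # same server is authoritative one label deeper


def names_seen_by(queries, server):
    """The set of query names a given server learned during resolution."""
    return {qname for qname, s in queries if s == server}


if __name__ == "__main__":
    for zones, label in ((CASE1, "case 1"), (DELEGATED, "delegated")):
        for minimize in (False, True):
            sent, addr = resolve(zones, "a.b.c.com", "c.com", "c.c.c.c", minimize)
            print(f"{label}, minimize={minimize}: {sent} -> {addr}")
```

In Case 1 minimisation costs one extra round trip and hides nothing, because c.c.c.c is authoritative for the whole subtree and eventually sees a.b.c.com anyway. In the delegated layout the difference is visible in `names_seen_by`: the parent server learns only b.c.com, never the full name.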

Firefox recently introduced DNS over HTTPS (DoH) and Trusted Recursive Resolver (TRR) in nightly builds for Firefox 62.

DoH and TRR are intended to help mitigate these potential privacy and security concerns:

  1. Untrustworthy DNS resolvers tracking your requests, or tampering with responses from DNS servers.
  2. On-path routers tracking or tampering in the same way.
  3. DNS servers tracking your DNS requests.

DNS over HTTPS (DoH) encrypts DNS requests and responses, protecting against on-path eavesdropping, tracking, and response tampering.
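What a DoH client actually puts on the wire is an ordinary DNS message carried inside an HTTPS request. The following is an added example, not part of the gist: it builds the message and encodes it in the RFC 8484 GET form (`?dns=` with base64url, padding stripped). The resolver URL is a constructed placeholder; the encoded value it produces for an A query on www.example.com is the one RFC 8484 itself gives.

```python
"""Encode a DNS query the way a DoH client sends it (RFC 8484 GET form).

Added example, not part of the gist above. The resolver URL is a constructed
placeholder; the encoding produced for www.example.com matches the example
in RFC 8484. No network request is made here.
"""
import base64
import struct

RESOLVER_URL = "https://doh.example/dns-query"  # constructed placeholder, not a real resolver


def build_query(name, qtype=1):
    """DNS query message in RFC 1035 wire format (qtype 1 = A record)."""
    # ID 0, flags 0x0100 (RD set), one question, no other sections.
    # RFC 8484 recommends ID 0 so identical queries yield identical, cacheable URLs.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # qclass 1 = IN


def doh_get_url(message, resolver_url=RESOLVER_URL):
    """RFC 8484 GET request: base64url-encoded message with '=' padding removed."""
    encoded = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={encoded}"


def decode_dns_param(url):
    """Recover the wire-format message from a ?dns= URL (re-adding the padding)."""
    value = url.split("?dns=", 1)[1]
    value += "=" * (-len(value) % 4)
    return base64.urlsafe_b64decode(value)


def parse_question(message):
    """Return (name, qtype) from the question section of a DNS message."""
    _ident, _flags, qdcount = struct.unpack("!HHH", message[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while message[pos] != 0:
        length = message[pos]
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype = struct.unpack("!H", message[pos + 1:pos + 3])[0]
    return ".".join(labels), qtype


if __name__ == "__main__":
    url = doh_get_url(build_query("www.example.com"))
    print(url)
    print(parse_question(decode_dns_param(url)))
```

A real client sends that URL over TLS with `Accept: application/dns-message` and gets the same wire format back in the response body. Nothing in the DNS message changes compared with plain UDP port 53; what DoH adds is the TLS session around it, which is why an on-path observer sees only an HTTPS connection to the resolver, and why the choice of resolver (the TRR question below) is the part that still matters.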

Trusted Recursive Resolver (TRR) allows Firefox to use a DNS resolver that is different from the one in your machine's network settings. You can use any recursive resolver that is compatible with DoH, but it should be a trusted resolver (one that won't sell users' data or trick users with spoofed DNS). Mozilla is partnering with Cloudflare (but not using the 1.1.1.1 address) as the initial default TRR; however, it is possible to use another third-party TRR or run