In about:config, set network.trr.mode to 3, and try again. This will tell Firefox to use only DoH. See Trusted Recursive Resolver - MozillaWiki for more information.
Have you tried with a clean profile and no extensions activated?
If you are using a router can you connect the computer directly to the modem and see if it works?
Can you indicate what you have tried so far?
Hmm. I have eliminated network issues by checking that DoH works on Windows (FF 89 - with same extensions) on the same network, as previously stated. Multiple Manjaro machines not working - making it less likely to be a profile issue IMHO.
Can somebody independently verify if this is working or not as per my original post? Should be simple enough to try and reproduce. Thanks in advance.
P.S. Corrected original post: Issue first discovered in FF 89.0-0.1 (although could have been present since earlier versions)
Hey thanks for testing! Was that on latest KDE stable by any chance?
I’m confident it’s not a network/country thing as I say it works on Windows on the same network. I should add that I have tried other providers as well to no avail.
Can you test on dnsleaktest.com which DNS you’re actually using?
You could try with curl -v -H "accept: application/dns-json" https://cloudflare-dns.com/dns-query\?name\=manjaro.org\&type\=A to see if you receive any response.
So the network DNS which FF falls back on is OpenDNS. How does knowing that help? Remember my Windows FF can use DoH fine on the same network.
$ curl -v -H "accept: application/dns-json" https://cloudflare-dns.com/dns-query\?name\=manjaro.org\&type\=A
* Trying ::ffff:146.112.61.106:443...
* Connected to cloudflare-dns.com (::ffff:146.112.61.106) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
There, you have it. The certificate is not working. Is your system fully up-to-date and the date and time correctly set?
The IPv6 address that you’re receiving is invalid. It should be 2606:4700::6810:f8f9 or 2606:4700::6810:f9f9.
If you check the IP that you receive, you’ll find out that it belongs to OpenDNS.
OpenDNS has filtering functionality and what has happened is that at some point they must have added the various DoH providers I’ve been using to their blacklist. What threw me is that my Windows FF was able to use DoH without issue - I suspect what must be happening there is the corporate transparent proxy on my laptop is circumventing the blocking by OpenDNS somehow.
It sounds like the solution to this would be to change your systemwide DNS from OpenDNS to anything else. I also recommend keeping network.trr.mode at 3 because Firefox will use only DoH with that setting.
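The diagnosis reached in this thread, as an added example that is not part of any post: a small Python check that reads a `curl -v` transcript, unwraps the IPv4-mapped address curl connected to, compares it with the addresses quoted above for cloudflare-dns.com, and notes whether certificate verification failed. The function names and the abbreviated sample transcript are constructed for illustration; the expected-address set contains only the two addresses listed in the thread and is assumed to be extended with the provider's published addresses in real use.

```python
import ipaddress
import re

# Assumption: only the two IPv6 answers quoted in the thread are treated as
# expected; add the DoH provider's other published addresses before real use.
EXPECTED = {ipaddress.ip_address(a) for a in
            ("2606:4700::6810:f8f9", "2606:4700::6810:f9f9")}

# Constructed sample: abbreviated from the curl -v transcript posted above.
SAMPLE = """\
*   Trying ::ffff:146.112.61.106:443...
* Connected to cloudflare-dns.com (::ffff:146.112.61.106) port 443 (#0)
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
curl: (60) SSL certificate problem: unable to get local issuer certificate
"""

CONNECTED = re.compile(r"^\* Connected to (\S+) \(([^)]+)\) port (\d+)", re.M)
CERT_FAIL = re.compile(r"^curl: \(60\)", re.M)  # curl exit 60: peer cert not verified


def normalise(text):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(text)
    return getattr(addr, "ipv4_mapped", None) or addr


def diagnose(transcript, expected=EXPECTED):
    """Report where curl connected and whether the TLS certificate verified."""
    m = CONNECTED.search(transcript)
    if not m:
        return {"connected": False}
    addr = normalise(m.group(2))
    return {
        "connected": True,
        "host": m.group(1),
        "port": int(m.group(3)),
        "address": str(addr),
        "address_expected": addr in expected,
        "cert_verified": CERT_FAIL.search(transcript) is None,
    }


def dns_answer_rewritten(findings):
    """True when an unexpected address AND a cert failure occur together,
    the combination seen here when the resolver redirects the DoH hostname."""
    return (findings["connected"] and not findings["address_expected"]
            and not findings["cert_verified"])


if __name__ == "__main__":
    print(diagnose(SAMPLE), dns_answer_rewritten(diagnose(SAMPLE)))
```

Looking up the owner of the reported `address` (for example with whois) is the step that identified OpenDNS in this thread.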