That's the moment you fire up Firefox without prefetch nor studies and enjoy the peaceful DNS logs without the constant telemetry calls to LinkedIn and to all interested 3rd parties, five eyes etc
A few of them actually do make sense for a normal user (i.e. the Wifi portal stuff). But you can disable it if you spend some effort on it or you can also use an alternative build of Firefox without it. Not great, but also not terrible imo. Sorry, that I have no English source.
On linux you can use IceCat. On windows, download simplewall and block pingsender.exe there. Should get rid of the queries if you combine it with userjs tweaking.
> On windows, download simplewall and block pingsender.exe there
Even if that works, it'll likely get patched out eventually with a forced update.
If you do insist on using Windows, an external firewall is the only way to be sure. But even that isn't foolproof since another update may decide that your Windows license isn't valid unless the analytics server is reachable.
Just setup pihole - you can run it on any server and use it as a local dns server. Probably somebody else has done the work to list these spammy domains.
If you just want FF to not use it you can block "use-application-dns.net" which acts as a canary domain for it to disable DoH.
If you want to block it from things you don't trust to have such methods (or always listen to them) you'll have to upgrade to a firewall that can filter outbound connections to IPs the client hasn't received a DNS response for or require use of an explicit HTTP proxy for outbound connectivity.
Just blocking DNS can be a good middle ground for reasonable effectiveness without as much effort.
thank you for the tip!
I use an OpenWrt acces point that is on my desk and uses dnsblocking through blacklists. This way I have a wired and wifi network that block the most annoying stuff by default. It also integrates nicely with wireguard too.
