
Thx! And it seems that `use-application-dns.net` works for me. But I will still consider replacing Firefox, because this behavior, which is inconsistent with the settings, is unacceptable to me. However, I'm glad I learned a new thing, thx again :)


No problem. I've never seen Firefox exhibit this behavior. Out of curiosity, have you started in safe mode, disabling all the addons, and does it still do this?


Hi, I just tried safe mode, and still the same :)


Interesting. If network.trr.mode is set to 5 this should not be occurring. If there is no plan to use FF again then I suppose submitting a bug would be a waste of time. Perhaps others will run into whatever condition is causing this behavior or perhaps it would happen on mine and my blackhole routes are breaking it.


Yep, that `network.trr.mode` is `5`, just confirmed. I'm considering Zen now.


Can you confirm the full technical method you were using to see DoH traffic? i.e. Destination IP/port/protocol

Suggested capture methods:

    tcpdump -p --dont-verify-checksums -i any -NNnntt -B32768 -c2000 -s0 proto 6 and 'tcp[13] == 2' and not host ${Your_Router_IP} &

    tcpdump -p --dont-verify-checksums -i any -NNnntt -B32768 -c4000 -s0 proto 17 and not host ${Your_Router_IP} and 'length <256' &

Don't paste the output, just suggestions for capturing HTTPS SYN and QUIC over UDP.
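
An added example, not part of any comment in this thread: a small parser that tallies the destinations in the text output of the two tcpdump commands above, keeping only TCP SYNs and UDP datagrams to port 443 (the HTTPS and QUIC transports the capture is looking for). The sample lines and addresses are constructed, and the line format assumed is tcpdump's numeric `-nn -tt` output for IPv4, with or without the interface and direction columns that `-i any` adds on newer versions.

```python
import re
from collections import Counter

# One line of tcpdump -nn -tt text output (IPv4 only), e.g.
#   1700000000.1 eth0  Out IP 192.168.1.10.51514 > 203.0.113.7.443: Flags [S], ...
#   1700000000.4 IP 192.168.1.10.40000 > 198.51.100.9.443: UDP, length 120
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?:\S+\s+(?:In|Out|[BMP])\s+)?IP\s+"
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s+(?P<rest>.*)$"
)
TCP_FLAGS = re.compile(r"Flags \[([^\]]*)\]")

def https_candidates(capture_text, ignore=frozenset()):
    """Count flows to port 443 per (transport, destination IP).

    A hit only means "HTTPS or QUIC to this address"; whether it is DoH
    still has to be checked against what that address actually serves.
    """
    hits = Counter()
    for line in capture_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m["dport"] != "443" or m["dst"] in ignore:
            continue
        flags = TCP_FLAGS.match(m["rest"])
        if flags:
            if flags[1] != "S":      # keep pure SYN only, like tcp[13] == 2
                continue
            transport = "tcp-syn"
        else:
            transport = "udp"        # non-TCP line: UDP (possibly QUIC)
        hits[(transport, m["dst"])] += 1
    return hits

# Constructed sample capture (documentation address ranges, not real traffic).
SAMPLE = """\
1700000000.100001 eth0  Out IP 192.168.1.10.51514 > 203.0.113.7.443: Flags [S], seq 1000, win 64240, length 0
1700000000.200002 eth0  Out IP 192.168.1.10.51516 > 203.0.113.7.443: Flags [S], seq 2000, win 64240, length 0
1700000000.300003 IP 192.168.1.10.51518 > 198.51.100.9.80: Flags [S], seq 3000, win 64240, length 0
1700000000.400004 eth0  Out IP 192.168.1.10.40000 > 198.51.100.9.443: UDP, length 120
1700000000.500005 eth0  In  IP 203.0.113.7.443 > 192.168.1.10.51514: Flags [S.], seq 9000, ack 1001, length 0
1700000000.600006 eth0  Out IP 192.168.1.10.41000 > 192.168.1.1.53: 1234+ A? example.com. (29)
"""

if __name__ == "__main__":
    for (transport, dst), count in https_candidates(SAMPLE).most_common():
        print(f"{count:4d}  {transport:8s} {dst}")
```
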


For what it's worth, they have added a lot more outbound crap. Even using user.js [1] there is still a lot of leaky outbound noise. Loads of connections to Fastly, CloudFront and others. It has gotten worse with time. I would probably also consider using a different browser, but I cannot give up the addons I use in Firefox. I will just blackhole route those CDNs and see what breaks.

[1] - https://github.com/arkenfox/user.js



