No DNS in Firefox ESR when TRR set to 5 DNS-over-HTTPS disabled

Hi again!

Have a TW with mozilla repo added to have latest Firefox, was on 66.x before updating 2 days ago (zypper dup). Today I started the browser and all tabs had “trouble finding this page”, DNS in my network otherwise doing fine (unbound in the router).

I had manually set in about:config the “trr.enable” to 5 (completely disabling DNS-over-HTTPS) some weeks ago.

Hmm. Had a look at the version of FF: I was suddenly on the opensuse standard ESR 60.x…

I removed the ESR completely in YaST and reinstalled the 66 from Mozilla repo and Firefox is doing fine, can load all pages.

So apparently zypper dup switched my Firefox from mozilla to opensuse repo and downgraded it to ESR. How to avoid that in the future?

Why has FF ESR with completely disabled TRR no DNS at all? (I have the same experience on a freshly installed Debian with the same FF-ESR and trr.enable set to 5: No page loading at all. setting trr.eanble to 0 loads all pages just fine…)

Firefox is updated to 66.0.3 on Tumbleweed? Setting network.trr.enable to 5 is working fine here using local dns servers.

When doing a zypper dup, use verbosity (I use -vvv) as it will show you more details on what is being updated and from where if using additional repositories.

Many thanks for replying!

trr = 5 works fine on FF 66.x, but not if zypper dup downgrades FF to 60.x ESR. Is there any way to avoid this downgrading? Can I tell TW only use Mozilla repo for Firefox?

Or can I do somethink like

zypper up Firefox --from Mozilla

after zypper dup to force TW to have the latest FF from Mozilla repo after zypper dup? This morning YaST simply refused to install 66.x from Mozilla and always this ESR trash was reinstalled, although I chose 66.x from “Versions” for Firefox in “Software Management”…

Is trr = 5 not known in ESR FF or why is DNS collapsing with this setting?

Are you sure it’s MozillaFirefox that’s downgrading and not MozillaFirefox-branding-openSUSE (it’s at version 60-1.1).

Priorities are all at 99 for your repositories? Perhaps hit an out of sync mirror when updating…

What does the output show from forcing a refresh and a dup;

zypper ref -f
zypper -vvv dup

I’m not sure with anything regarding computers, I’m a pro-NOOB :wink: I nFF i did -> Help -> About and this morning (with non-functionla DNS) it showed FF ESR, now I’m back to FF 66.0.3 Quantum.

I tried zypper ref and zypper -vvv dup, but unfortunately it gives 383 updates, much to long to catch all from console. without -vvv I see no Firefox in the list…

Mozilla is the only extra repo configured and all have priority 99, but afaik the priority has no meaning at all, as I read in the opensuse wiki some time ago.

Priority does have meaning and relevance. But vendor-stickiness comes first, and often decides which repo you will use – assuming that the vendor information for the Mozilla repo is different from that for the oss repo.

Hmm, which means what?

Seems there are some problems anyway…

[rbrownsuse]( openSUSE Chairman4 points · [3 years ago](
dup will honour repo priorities, but this causes as many problems as it fixes

Consider the following fake example

  - Official Repo set to 98

  - Repo $foo set to 99

User  installs a package from repo $foo that is not present in the Official  Repos, but it requires dependencies that are in both the official repos  and Repo $foo. No problems initially, because the user is lucky enough  that both the official repo and $foo have compatible versions of those  dependancies....

For example, I set the packman repo to 97, with 99 for the main repos.

That gives a preference to the packman version of a package. But zypper won’t switch an existing package to packman unless I use “–allow-vendor-change”. However, if I install a new package (new to my computer), it will prefer the packman version.

Seems there are some problems anyway…

Of course. It isn’t magic. You still need to be careful about what repos you enable and about how you set their priorities.

If your’e interested in an alternative,

I’ve been running DNScrypt on my own machine for several years now, o complaints.
It will do encrypted DNS lookups for any query on your system for any app… not just Firefox which is the subject of this Forum thread.
It works by running a small, lightweight proxy on your local system which intercepts all DNS queries and redirects through the DNScrypt proxy which then connects to specific DNS servers which support the encrypted protocol.

Note that this is different than “Secure DNS” which for the most part is implemented only between DNS servers.
There are very few client/server solutions, and this is one, and possibly with the best reputation.

If there is any downside, it’s that this involves a tiny bit of extra complication if you need to troubleshoot, but this has been pretty reliable for me.


My DNS is perfectly fine, DNSSEC, DNS-over-TLS, thanks! :smiley:

I want to know:

  1. why FF ESR doesn’t have DNS with trr.enable set to “5”.

  2. how to stop zypper dup from switching FF from mozilla repo to FF ESR from standard repo.

Please! Two simple questions, is there an answer anywhere out there? :slight_smile:

On 2:
Look at the repo index no for the mozilla repo through

zypper lr

then do

zypper dup --from FOUND_INDEX_NO_HERE

I see NO Firefox ESR present on my Tumbleweed systems (20190426), it’s Quantum version 66.0.3, I would suspect Firefox ESR is coming from the Mozilla repository, not the default Tumbleweed OSS repository…

Perhaps you branding package is telling you one thing and the installed packages is different, you can check via;

zypper se -si MozillaFirefox
Loading repository data...
Reading installed packages...

S | Name                             | Type    | Version    | Arch   | Repository           
i | MozillaFirefox                   | package | 66.0.3-1.1 | x86_64 | Main Repository (OSS)
i | MozillaFirefox-branding-openSUSE | package | 60-1.1     | x86_64 | Main Repository (OSS)

Which repository are your packages coming from?

They should not switch once set up on a specific repository, unless there is some conflict, which zypper will inform you about on a zypper dup…

Hmm, apparently only ESR is from mozilla repo

…at least now, dunno what that looked like this morning, when TW refused to install 66.x and always reinstalled FF ESR.

So I don’t need do do nothing to prevent future switches of FF to the opensuse standard repo?

Then the only question is: Why has FF ESR no DNS with trr.enable set to “5”? :slight_smile:

PS: I changed the branding to “upstream” just 2-3 h ago…

The feature might not be present in that ESR release?