Mozilla Firefox: enable DNS-over-HTTPS

Introduction

Updated on July 20, 2019

In Firefox 62, Mozilla added two new features called DNS over HTTPS (DoH) and Trusted Recursive Resolver (TRR). The idea behind each of these features is to improve user privacy and performance. DNS queries have typically been sent unencrypted, allowing anyone on the wire, such as your ISP, to monitor what sites you are visiting.

Below we’ll look at how to enable TRR. You can tell Firefox to make DoH its first choice and use the system DNS as a fallback option, which means Firefox can ignore the local resolver that the network provides and go straight to Blahdns.com.

Setting up DoH

Modern Firefox way

Classic way

Example of DoH in Mozilla Firefox

// about:config
1. search: "network.trr"
2. network.trr.mode: 3  ## 2 = try TRR first, 3 = force DoH only
3. network.trr.uri: https://doh-jp.blahdns.com/dns-query
4. network.trr.bootstrapAddress: 1.0.0.1  ## If this is set, Firefox ignores the system default DNS resolver
5. network.trr.disable-ECS: false  ## Optional
6. network.trr.useGET: false  ## Optional

The second feature we will enable is Encrypted SNI, which prevents others from intercepting the TLS SNI extension and using it to determine what websites you are browsing.

//  search network.security.esni.enabled
network.security.esni.enabled : true

Last step

Go to about:networking#dns and test a DNS lookup to check whether it is working or not!
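
To check the settings above across a profile rather than by eye, the following added example (not part of the original page or of Firefox) parses user_pref(...) lines and reports where the configuration still depends on the system resolver. It assumes the prefs are stored in the profile's prefs.js or user.js in the usual user_pref("name", value); form; the function names and sample profiles are constructed for illustration.

```python
import json
import re

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Parse user_pref("name", value); lines from a prefs.js or user.js file."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            try:
                prefs[m.group(1)] = json.loads(m.group(2))  # string, bool or int
            except ValueError:
                pass  # skip values that are not simple literals
    return prefs

def audit_doh(prefs):
    """Return findings for the TRR and ESNI prefs described on this page."""
    findings = []
    mode = prefs.get("network.trr.mode", 0)  # assumption: an absent pref means 0 (off)
    uri = prefs.get("network.trr.uri", "")
    if mode == 2:
        findings.append("mode 2: system DNS is the fallback, lookups can still leave in plaintext")
    elif mode != 3:
        findings.append(f"mode {mode}: DoH is not forced")
    if mode in (2, 3) and not uri.startswith("https://"):
        findings.append("network.trr.uri is missing or not an https:// URL")
    if mode == 3 and not prefs.get("network.trr.bootstrapAddress"):
        findings.append("mode 3 without bootstrapAddress: the DoH host is not pinned to an IP")
    if prefs.get("network.security.esni.enabled") is not True:
        findings.append("Encrypted SNI is not enabled")
    return findings

# Constructed sample profiles (not taken from a real installation).
STRICT = '''
user_pref("network.trr.mode", 3);
user_pref("network.trr.uri", "https://doh-jp.blahdns.com/dns-query");
user_pref("network.trr.bootstrapAddress", "1.0.0.1");
user_pref("network.security.esni.enabled", true);
'''
FALLBACK = '''
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://doh-jp.blahdns.com/dns-query");
'''

if __name__ == "__main__":
    for name, text in (("strict", STRICT), ("fallback", FALLBACK)):
        print(name, audit_doh(parse_prefs(text)) or "OK")
```
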