In Firefox 62, Mozilla has added two new features called DNS over HTTPS (DoH) and Trusted Recursive Resolver (TRR). The ideal behind each of these features is to improve user privacy and improved performance. DNS has typically been sent over insecure HTTP allowing anyone on the wire, such as your ISP, to monitor what sites you are visiting.
Below we’ll look at how to enable TRR you can tell Firefox to make DoH it’s first choice and use the system DNS as a fallback option.
which mean Firefox can ignore the local resolver that network provides and straight to Blahdns.com
Setting up DoH
// about:config 1. search: "network.trr" 2. network.trr.mode: 3 ## 2 try trr first, ## 3 force DoH only 3. network.trr.uri: https://doh-jp.blahdns.com/dns-query 4. network.trr.bootstrapAddress : 22.214.171.124 ## only accept 126.96.36.199 or 188.8.131.52 5. network.trr.disable-ECS : false # Optional 6. network.trr.useGET : false
The second feature we will be enabled is Encrypted SNI, which prevents others from intercepting the TLS SNI extension and use it to determine what websites you are browsing.
// search network.security.esni.enabled network.security.esni.enabled : true
Go to about:networking#dns and try dns wether its working or not !
Doh alternative: https://mozilla.cloudflare-dns.com/dns-query