Mozilla Firefox: enable DNS-over-HTTPS

Introduction

UPDATED: 2019-02-27

In Firefox 62, Mozilla added two new features called DNS over HTTPS (DoH) and Trusted Recursive Resolver (TRR). The idea behind each of these features is to improve user privacy and performance. DNS has typically been sent unencrypted, allowing anyone on the wire, such as your ISP, to monitor what sites you are visiting.

Below we’ll look at how to enable TRR. You can tell Firefox to make DoH its first choice and use the system DNS as a fallback option, which means Firefox can ignore the local resolver that the network provides and go straight to Blahdns.com.

Setting up DoH

// about:config
1. search: "network.trr"
2. network.trr.mode: 3 ## 2 = try TRR first, 3 = force DoH only
3. network.trr.uri: https://doh-jp.blahdns.com/dns-query
4. network.trr.bootstrapAddress: 1.0.0.1 ## only accept 1.1.1.1 or 1.0.0.1
5. network.trr.disable-ECS: false ## optional
6. network.trr.useGET: false

Example of DoH in Mozilla Firefox

The second feature we will enable is Encrypted SNI, which prevents others from intercepting the TLS SNI extension and using it to determine which websites you are browsing.

// search: "network.security.esni.enabled"
network.security.esni.enabled: true

Last step

Go to about:networking#dns and check whether DNS resolution is working.

DoH alternative: https://mozilla.cloudflare-dns.com/dns-query
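
To check the same settings outside the browser, the following added example (not part of the original page) parses the text of a profile's prefs.js or user.js and reports on the TRR and ESNI preferences set above. The sample file contents are constructed, and the `parse_prefs` and `audit` names are hypothetical.

```python
import re

# One preference per line, e.g.: user_pref("network.trr.mode", 3);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Parse prefs.js / user.js text into {name: bool | int | str}."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comment or blank line
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]  # simplification: escapes are not decoded
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
    return prefs

def audit(prefs):
    """Return findings for the TRR and ESNI preferences described on this page."""
    findings = []
    mode = prefs.get("network.trr.mode")
    if mode == 2:
        findings.append("WARN network.trr.mode=2: TRR first, system DNS is still the fallback")
    elif mode != 3:
        findings.append(f"FAIL network.trr.mode={mode!r}: not one of the values used here (2 or 3)")
    uri = prefs.get("network.trr.uri")
    if not (isinstance(uri, str) and uri.startswith("https://")):
        findings.append(f"FAIL network.trr.uri={uri!r}: expected an https:// resolver URL")
    if prefs.get("network.security.esni.enabled") is not True:
        findings.append("FAIL network.security.esni.enabled is not true")
    return findings

# Constructed sample profile contents (not taken from a real profile).
SAMPLE = '''// Mozilla User Preferences
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://doh-jp.blahdns.com/dns-query");
user_pref("network.trr.bootstrapAddress", "1.0.0.1");
user_pref("network.trr.useGET", false);
'''

if __name__ == "__main__":
    for finding in audit(parse_prefs(SAMPLE)):
        print(finding)
```

An empty result from `audit` means the profile matches the mode 3 setup shown above with ESNI enabled.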