Updated on July 20, 2019
In Firefox 62, Mozilla added two new features called DNS over HTTPS (DoH) and Trusted Recursive Resolver (TRR). The idea behind these features is to improve user privacy and performance. DNS has typically been sent unencrypted, allowing anyone on the wire, such as your ISP, to monitor what sites you are visiting.
Below we’ll look at how to enable TRR. You can tell Firefox to make DoH its first choice and use the system DNS as a fallback option, which means Firefox can ignore the local resolver that the network provides and go straight to Blahdns.com.
Setting up DoH
Modern Firefox way
// about:config
1. search: "network.trr"
2. network.trr.mode: 3 ## 2 = try TRR first, 3 = force DoH only
3. network.trr.uri: https://doh-jp.blahdns.com/dns-query
4. network.trr.bootstrapAddress : 220.127.116.11 ## If this is set, Firefox will ignore the system default DNS resolver
5. network.trr.disable-ECS : false # Optional
6. network.trr.useGET : false # Optional
The second feature we will enable is Encrypted SNI, which prevents others from intercepting the TLS SNI extension and using it to determine which websites you are browsing.
// search network.security.esni.enabled
network.security.esni.enabled : true
Go to about:networking#dns and test whether DNS is working or not!
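To confirm that the settings above were actually saved to the profile, here is an added example (not part of the original post) that audits the `user_pref(...)` lines of a profile's prefs.js against the values on this page. The two sample profiles are constructed, and the function names are hypothetical.

```python
import json
import re

# Matches lines such as: user_pref("network.trr.mode", 3);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample profiles built from the values on this page.
FALLBACK = '''user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://doh-jp.blahdns.com/dns-query");
'''
STRICT = '''user_pref("network.trr.mode", 3);
user_pref("network.trr.uri", "https://doh-jp.blahdns.com/dns-query");
user_pref("network.trr.bootstrapAddress", "220.127.116.11");
user_pref("network.security.esni.enabled", true);
'''

def parse_prefs(text):
    """Return {name: value} for each user_pref() line of a prefs.js body."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            try:
                # Values are JSON-compatible: strings, integers, true/false.
                prefs[m.group(1)] = json.loads(m.group(2))
            except ValueError:
                continue  # skip values this simple parser cannot read
    return prefs

def audit(prefs):
    """Return (pref, finding) pairs for settings that differ from this page."""
    out = []
    mode = prefs.get("network.trr.mode")
    if mode == 2:
        out.append(("network.trr.mode", "2: system DNS is still the fallback"))
    elif mode != 3:
        out.append(("network.trr.mode", f"{mode!r}: DoH not set as on this page"))
    if not str(prefs.get("network.trr.uri", "")).startswith("https://"):
        out.append(("network.trr.uri", "missing or not an https:// URL"))
    if mode == 3 and not prefs.get("network.trr.bootstrapAddress"):
        out.append(("network.trr.bootstrapAddress", "unset in DoH-only mode"))
    if prefs.get("network.security.esni.enabled") is not True:
        out.append(("network.security.esni.enabled", "not set to true"))
    return out

if __name__ == "__main__":
    for name, text in (("fallback", FALLBACK), ("strict", STRICT)):
        print(name, audit(parse_prefs(text)))
```

An empty list means the profile matches the DoH-only setup shown above; pass the contents of the real prefs.js to `parse_prefs` to check a live profile.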