Enable DNS over HTTPS in Firefox

How to enable DNS over HTTPS in Firefox

DNS-over-HTTPS is a relatively young web protocol, implemented about two years ago. It is intended to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks. It does this by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver. Here is how you can enable it in Mozilla Firefox.

Firefox is a popular web browser with its own rendering engine, which is very rare in the Chromium-based browser world. Since 2017, Firefox has had the Quantum engine, which comes with a refined user interface, codenamed "Photon". The browser doesn't include support for XUL-based add-ons any more, so all of the classic add-ons are deprecated and incompatible. See Must have add-ons for Firefox Quantum.

Thanks to the changes made to the engine and the UI, the browser is amazingly fast. The user interface of Firefox became more responsive and it also starts up noticeably faster. The engine renders web pages much faster than it ever did in the Gecko era.

Firefox supports DNS over HTTPS (DoH) out of the box, but you need to perform extra steps to activate it. First of all, you need to specify the DoH servers you want to use in Firefox.

To enable DNS over HTTPS in Firefox,

  1. Open the Firefox browser.
  2. Click on its main menu hamburger button.
  3. Select Options from the main menu.
  4. Click on General on the left.
  5. Go to Network Settings on the right and click on the Settings button.
  6. Turn on the Enable DNS over HTTPS option.
  7. Select a DoH provider or enter a custom service address. The default is Cloudflare.

You are done!

You can pick a DoH service address from HERE. Some quick addresses:

  • https://dns.google/dns-query
  • https://doh.opendns.com/dns-query
  • https://dns.adguard.com/dns-query
  • https://cloudflare-dns.com/dns-query

Additionally, you can fine-tune the DoH feature to restrict all DNS queries to a DoH resolver. Here's how.

Change DoH Resolver Mode in Firefox

  1. Open Firefox.
  2. In a new tab, type about:config in the address bar.
  3. Click I accept the risk.
  4. In the search box, type network.trr.mode.
  5. Set the network.trr.mode option to one of the following values:
    • 0 - Off (default). Use standard native resolving only (don't use TRR at all)
    • 1 - Reserved (used to be Race mode)
    • 2 - First. Use TRR first, and only if the name resolution fails use the native resolver as a fallback.
    • 3 - Only. Only use TRR. Never use the native resolver (this mode also requires the bootstrapAddress pref to be set)
    • 4 - Reserved (used to be Shadow mode)
    • 5 - Off by choice. This is the same as 0 but marks it as done by choice and not done by default
  6. So, to force all DNS queries over the DoH resolver, set network.trr.mode to 3.

You are done!
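The mode table above can be turned into a check over the text of a profile's prefs.js or user.js. This is an added example, not code from Firefox or from this article; it reports the effective network.trr.mode and flags mode 3 without network.trr.bootstrapAddress, which the table lists as required. The network.trr.uri pref (the resolver address) is not named in the article, and the sample prefs are constructed.

```javascript
// Added example: audit Firefox DoH (TRR) prefs from prefs.js / user.js text.
// Mode meanings follow the table in the article.
const TRR_MODES = {
  0: "Off (default)", 1: "Reserved", 2: "First (native fallback)",
  3: "Only (no native fallback)", 4: "Reserved", 5: "Off by choice",
};

// Parse user_pref("name", value); lines. Values in these files are string,
// number or boolean literals, so JSON.parse can read them.
function parsePrefs(text) {
  const prefs = new Map();
  const re = /^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;/gm;
  for (const [, name, raw] of text.matchAll(re)) {
    try { prefs.set(name, JSON.parse(raw)); } catch { /* skip malformed */ }
  }
  return prefs;
}

// Return the effective mode plus findings a defender would want to review.
function auditDoh(text) {
  const prefs = parsePrefs(text);
  const mode = prefs.has("network.trr.mode") ? prefs.get("network.trr.mode") : 0;
  const uri = prefs.get("network.trr.uri") || "";
  const bootstrap = prefs.get("network.trr.bootstrapAddress") || "";
  const findings = [];
  if (!(mode in TRR_MODES)) findings.push(`unknown network.trr.mode: ${mode}`);
  if (mode === 1 || mode === 4) findings.push("reserved mode value in use");
  if (mode === 2) findings.push("native-resolver fallback can send lookups outside DoH");
  if (mode === 3 && !bootstrap)
    findings.push("mode 3 without network.trr.bootstrapAddress set");
  if ((mode === 2 || mode === 3) && uri && !uri.startsWith("https://"))
    findings.push("network.trr.uri is not an https:// URL");
  return { mode, label: TRR_MODES[mode] || "unknown", uri, bootstrap,
           dohOnly: mode === 3, findings };
}

// Constructed sample input (not taken from a real profile).
const SAMPLE_STRICT = `
user_pref("network.trr.mode", 3);
user_pref("network.trr.uri", "https://cloudflare-dns.com/dns-query");
`;
const SAMPLE_FIXED = SAMPLE_STRICT +
  'user_pref("network.trr.bootstrapAddress", "1.1.1.1");\n';

for (const [name, text] of [["strict", SAMPLE_STRICT], ["fixed", SAMPLE_FIXED]]) {
  const r = auditDoh(text);
  console.log(name, "->", r.label, r.findings.length ? r.findings : "no findings");
}
```

To check a real profile, pass the contents of its prefs.js (read with `fs.readFileSync`) to `auditDoh`.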

Test your DNS-Over-HTTPS configuration

To test whether you are now using DoH to resolve DNS queries, you can go to Cloudflare's Browsing Experience Security Check page and click on the Check my browser button. The web page will now perform a variety of tests. You should see the green check mark next to Secure DNS and TLS 1.3.


It is worth mentioning that the native DoH support is coming soon to Windows 10:

Windows 10 Will Support DNS over HTTPS Natively

That's it.

4 thoughts on “Enable DNS over HTTPS in Firefox”

  1. Dave

    I’m not getting the same results. (Firefox 68.2 ESR)

    On the test page you linked I get “? + ? ?” with “Enable DNS over HTTPS” off.
    When I turn it on with the default cloudflare I get “+ X + X”.
    When on it seems to override the DNS addresses in my adapter settings.

    Notes: + stands for the check mark.
    I’ve manually set Opendns ipv4 and ipv6 addresses for my DNS in my primary adapter settings.
    The results don’t change when I use my VPN with the Tap Adapter and the DNS settings on it are set to auto.

    1. Sergey Tkachenko Post author

      + x + x indicates that you have DoH enabled. Everything is fine.

  2. Dave

    “3 – Only. Only use TRR. Never use the native (This mode also requires the bootstrapAddress pref to be set)”

    And how do we set the bootstrapAddress pref? Because if I set “network.trr.mode” to 3, I can’t connect to anything.

    Notes:
    #1 I switched back to the cloudflare dns in my adapter settings because using opendns was causing me to have to refresh webpages several times to get them fully loaded in all browsers.

    #2 I noticed FF was now leaking dns requests when using my vpn (https://ipleak.net/). It didn’t last time I checked it. Enabling the “DNS over HTTPS in Firefox” (using the default) has cured this.

  3. Dave

    NVM, found it myself.

    Open Firefox.
    In a new tab, type about:config in the address bar.
    Click I accept the risk.
    In the search box, type “network.trr.bootstrapaddress”
    Change the value to 1.1.1.1 (or whatever your primary dns address is)
    Restart Firefox
