How to enable DNS over HTTPS in Firefox
DNS-over-HTTPS is a relatively young web protocol, implemented about two years ago. It is intended to increase user privacy and security by preventing eavesdropping on and manipulation of DNS data in man-in-the-middle attacks: it uses the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver. Here is how you can enable it in Mozilla Firefox.
Firefox is a popular web browser with its own rendering engine, which is very rare in the Chromium-based browser world. Since 2017, Firefox has had the Quantum engine, which comes with a refined user interface, codenamed "Photon". The browser no longer supports XUL-based add-ons, so all of the classic add-ons are deprecated and incompatible. See
Thanks to the changes made to the engine and the UI, the browser is amazingly fast. The user interface of Firefox became more responsive and it also starts up noticeably faster. The engine renders web pages much faster than it ever did in the Gecko era.
Firefox supports DNS over HTTPS (DoH) out of the box, but you need to perform extra steps to activate it. First of all, you need to specify the DoH servers you want to use in Firefox.
To enable DNS over HTTPS in Firefox,
- Open the Firefox browser.
- Click on its main menu hamburger button.
- Select Options from the main menu.
- Click on General on the left.
- Go to Network Settings on the right and click on the Settings button.
- Turn on the Enable DNS over HTTPS option.
- Select a DoH provider or enter a custom service address. The default is Cloudflare.
You are done!
You can pick a DoH service address from HERE. Some quick addresses:
Additionally, you can fine-tune the DoH feature to restrict all DNS queries to a DoH resolver. Here's how.
Change DoH Resolver Mode in Firefox
- Open Firefox.
- In a new tab, type about:config in the address bar.
- Click I accept the risk.
- In the search box, type
- Set the network.trr.mode option to one of the following values (TRR, Trusted Recursive Resolver, is Firefox's name for the DoH resolver):
  - 0 - Off (default). Use standard native resolving only (don't use TRR at all).
  - 1 - Reserved (used to be Race mode).
  - 2 - First. Use TRR first, and use the native resolver as a fallback only if name resolution fails.
  - 3 - Only. Only use TRR. Never use the native resolver. (This mode also requires the bootstrapAddress pref to be set.)
  - 4 - Reserved (used to be Shadow mode).
  - 5 - Off by choice. This is the same as 0, but marks it as done by choice and not by default.
- So, to force all DNS queries over the DoH resolver, set network.trr.mode to 3. In mode 2, a lookup that fails over DoH is still sent to the native resolver.
You are done!
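To confirm from outside the browser which mode a profile ended up in, the following added example (not from the original article or from Mozilla) parses prefs.js-style user_pref() lines and flags the cases from the mode list above. The sample profile text and its URL are constructed, and the full pref name network.trr.bootstrapAddress is an assumption based on the article's "bootstrapAddress"; it may differ between Firefox versions.

```python
import re

# network.trr.mode is from the article; the full bootstrap pref name is an
# assumption and may differ between Firefox versions.
MODE_PREF = "network.trr.mode"
BOOTSTRAP_PREF = "network.trr.bootstrapAddress"
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Parse user_pref("name", value); lines into a dict; a later line wins."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comment or blank line
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]          # string pref
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"      # boolean pref
        else:
            prefs[name] = int(raw) if re.fullmatch(r"-?\d+", raw) else raw
    return prefs


def audit_trr(prefs):
    """Return (mode, findings) describing the profile's DoH resolver mode."""
    mode = prefs.get(MODE_PREF, 0)  # an unset pref means the default, 0
    findings = []
    if mode in (0, 5):
        findings.append("DoH is off: every lookup uses the native resolver")
    elif mode in (1, 4):
        findings.append("reserved mode value: do not rely on it")
    elif mode == 2:
        findings.append("failed DoH lookups fall back to the native resolver")
    elif mode != 3:
        findings.append("unknown mode value")
    elif not prefs.get(BOOTSTRAP_PREF):
        findings.append("mode 3 without a bootstrap address set")
    return mode, findings


# Constructed sample profile content (not taken from a real profile).
SAMPLE = '''// Mozilla User Preferences
user_pref("network.trr.mode", 3);
user_pref("network.trr.uri", "https://doh.example/dns-query");
'''
print(audit_trr(parse_prefs(SAMPLE)))
```

An empty findings list means the profile is in mode 3 with a bootstrap address present, which is the state the steps above aim for.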
Test your DNS-Over-HTTPS configuration
To test whether you are now using DoH to resolve DNS queries, you can go to Cloudflare's Browsing Experience Security Check page and click on the Check my browser button. The web page will now perform a variety of tests. You should see the green check mark next to Secure DNS and TLS 1.3.
It is worth mentioning that native DoH support is coming soon to Windows 10: