How to enable DNS over HTTPS in Firefox
DNS-over-HTTPS is a relatively young web protocol, implemented about two years ago. It is intended to increase user privacy and security by preventing eavesdropping on and manipulation of DNS data in man-in-the-middle attacks: it uses the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver. Here is how you can enable it in Mozilla Firefox.
Firefox is a popular web browser with its own rendering engine, which is very rare in the Chromium-based browser world. Since 2017, Firefox has had the Quantum engine, which comes with a refined user interface, codenamed "Photon". The browser doesn't include support for XUL-based add-ons any more, so all of the classic add-ons are deprecated and incompatible. See Must have add-ons for Firefox Quantum.
Thanks to the changes made to the engine and the UI, the browser is amazingly fast. The user interface of Firefox became more responsive and it also starts up noticeably faster. The engine renders web pages much faster than it ever did in the Gecko era.
Firefox supports DNS over HTTPS (DoH) out of the box, but you need to perform extra steps to activate it. First of all, you need to specify the DoH servers you want to use in Firefox.
To enable DNS over HTTPS in Firefox,
- Open the Firefox browser.
- Click on its main menu hamburger button.
- Select Options from the main menu.
- Click on General on the left.
- Go to Network Settings on the right and click on the Settings button.
- Turn on the Enable DNS over HTTPS option.
- Select a DoH provider or enter a custom service address. The default is Cloudflare.
You are done!
You can pick a DoH service address from HERE. Some quick addresses:
- https://dns.google/dns-query
- https://doh.opendns.com/dns-query
- https://dns.adguard.com/dns-query
- https://cloudflare-dns.com/dns-query
Additionally, you can fine-tune the DoH feature to restrict all DNS queries to a DoH resolver. Here's how.
Change DoH Resolver Mode in Firefox
- Open Firefox.
- In a new tab, type about:config in the address bar.
- Click I accept the risk.
- In the search box, type network.trr.mode.
- Set the network.trr.mode option to one of the following values:
  - 0 - Off (default). Use standard native resolving only (don't use TRR at all).
  - 1 - Reserved (used to be Race mode).
  - 2 - First. Use TRR first, and only if the name resolve fails use the native resolver as a fallback.
  - 3 - Only. Only use TRR. Never use the native resolver. (This mode also requires the bootstrapAddress pref to be set.)
  - 4 - Reserved (used to be Shadow mode).
  - 5 - Off by choice. This is the same as 0 but marks it as done by choice and not done by default.
- So, to force all DNS queries over the DoH resolver, set network.trr.mode to 3.
You are done!
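The following Python code is an added example, not part of the original article or of Firefox. It parses `user_pref` lines in the form a profile's prefs.js or user.js uses and checks the DoH prefs against the mode table above, including the bootstrap address that mode 3 requires. The pref `network.trr.uri`, the function names and the sample content are assumptions not shown in the article.

```python
import re

# Mode values as listed in the article's network.trr.mode table.
TRR_MODES = {0: "off (default)", 1: "reserved", 2: "first", 3: "only",
             4: "reserved", 5: "off by choice"}
# One pref per line, the form Firefox uses in prefs.js and user.js.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line in text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.lstrip("-").isdigit():
            prefs[name] = int(raw)
        else:
            prefs[name] = raw
    return prefs

def audit_doh(prefs):
    """Return findings about the DoH (TRR) prefs; empty list means none."""
    mode = prefs.get("network.trr.mode", 0)
    if mode not in TRR_MODES:
        return [f"network.trr.mode={mode!r} is not a listed value"]
    findings = []
    if mode in (0, 5):
        findings.append("DoH is off: lookups use the native resolver")
    elif mode in (1, 4):
        findings.append(f"mode {mode} is reserved; use 2 or 3")
    elif mode == 2:
        findings.append("mode 2 falls back to the native resolver on failure")
    elif not prefs.get("network.trr.bootstrapAddress"):
        findings.append("mode 3 needs network.trr.bootstrapAddress set")
    uri = str(prefs.get("network.trr.uri", ""))
    if mode in (2, 3) and uri and not uri.startswith("https://"):
        findings.append("network.trr.uri is not an https:// URL")
    return findings

# Constructed sample user.js content (not from a real profile).
SAMPLE = 'user_pref("network.trr.mode", 3);\n' \
         'user_pref("network.trr.uri", "https://cloudflare-dns.com/dns-query");\n'

print(audit_doh(parse_prefs(SAMPLE)))
```

To check a real profile, pass the text of its prefs.js to `parse_prefs` instead of `SAMPLE`.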
Test your DNS-Over-HTTPS configuration
To test whether you are now using DoH to resolve DNS queries, you can go to Cloudflare's Browsing Experience Security Check page and click on the Check my browser button. The web page will now perform a variety of tests. You should see the green check mark next to Secure DNS and TLS 1.3.
It is worth mentioning that the native DoH support is coming soon to Windows 10:
Windows 10 Will Support DNS over HTTPS Natively
That's it.
I’m not getting the same results. (Firefox 68.2 ESR)
On the test page you linked I get “? + ? ?” with “Enable DNS over HTTPS” off.
When I turn it on with the default cloudflare I get “+ X + X”.
When on it seems to override the DNS addresses in my adapter settings.
Notes: + stands for the check mark.
I’ve manually set Opendns ipv4 and ipv6 addresses for my DNS in my primary adapter settings.
The results don’t change when I use my VPN with the Tap Adapter and the DNS settings on it are set to auto.
+ x + x indicates that you have DoH enabled. Everything is fine.
“3 – Only. Only use TRR. Never use the native (This mode also requires the bootstrapAddress pref to be set)”
And how do we set the bootstrapAddress pref? Because if I set “network.trr.mode” to 3, I can’t connect to anything.
Notes:
#1 I switched back to the cloudflare dns in my adapter settings because using opendns was causing me to have to refresh webpages several times to get them fully loaded in all browsers.
#2 I noticed FF was now leaking dns requests when using my vpn (https://ipleak.net/). It didn’t last time I checked it. Enabling the “DNS over HTTPS in Firefox” (using the default) has cured this.
NVM, found it myself.
Open Firefox.
In a new tab, type about:config in the address bar.
Click I accept the risk.
In the search box, type “network.trr.bootstrapaddress”
Change the value to 1.1.1.1 (or whatever your primary dns address is)
Restart Firefox