DNS-over-HTTPS (DoH) is a much-discussed feature right now, and Firefox is the only browser that supports it.
However, the feature is not enabled by default for Firefox users, and below we will see how to enable it.
But before we get to the guide, let's first describe what the new protocol does.
How DNS-over-HTTPS works
The DNS-over-HTTPS protocol works by taking the domain that a user typed into the browser and sending a query to a DNS server to find out the numeric IP address of the web server that hosts that particular site.
This is how normal DNS works. DoH, however, takes the DNS query and sends it to a DoH-compatible DNS server (resolver) over an encrypted HTTPS connection on port 443, instead of as plain text on port 53.
In this way, DoH hides DNS queries inside HTTPS traffic, so a third party monitoring your connections will not be able to intercept the traffic and change the DNS queries you send.
In addition, a secondary feature of DNS-over-HTTPS is that the protocol also works at the application level. Applications can contain internal hardcoded lists of DoH-compatible DNS resolvers to which they send DoH queries.
This mode overrides the default DNS settings at the operating system level, which in most cases are those defined by local ISPs.
This also means that applications that support DoH can effectively bypass local ISP filters and even access blocked content.
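The query path described above, as an added example that is not part of the original article: a Python sketch that builds the DNS message and the HTTPS GET request a DoH client would send, following RFC 8484. It goes slightly beyond the text by showing the base64url `dns=` encoding; the function names are assumptions made for illustration, and nothing is sent over the network.

```python
import base64
import struct
from urllib.parse import urlsplit

# Default resolver URL quoted in the article.
DOH_URI = "https://mozilla.cloudflare-dns.com/dns-query"

def build_query(name: str, qtype: int = 1) -> bytes:
    """Build the DNS query message; plain DNS would send these bytes on port 53."""
    # Header: ID 0 (RFC 8484 advises 0 so HTTP caches can match requests),
    # flags 0x0100 (recursion desired), one question, no other records.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")  # assumption: ASCII hostnames only
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label in {name!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_request(name: str, uri: str = DOH_URI) -> dict:
    """Describe the HTTPS GET a DoH client would send (nothing is sent here)."""
    parts = urlsplit(uri)
    if parts.scheme != "https":
        raise ValueError("DoH requires an https:// resolver URL")
    # The whole DNS message travels as an unpadded base64url parameter.
    param = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    return {
        "host": parts.hostname,      # resolver host, still visible on the network
        "port": parts.port or 443,   # HTTPS port instead of 53
        "path": f"{parts.path}?dns={param}",  # queried name, encrypted inside TLS
        "headers": {"Accept": "application/dns-message"},
    }

def decode_qname(param: str) -> str:
    """Recover the queried name from the dns= parameter, as the resolver does."""
    raw = base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))
    pos, labels = 12, []  # the question section starts after the 12-byte header
    while raw[pos]:
        length = raw[pos]
        labels.append(raw[pos + 1 : pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

if __name__ == "__main__":
    request = doh_get_request("www.example.com")  # constructed sample name
    print(request["host"], request["port"], request["path"])
```

The request shows why a network monitor sees only a TLS connection to the resolver on port 443: the queried name exists only inside the encrypted request path.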
Here's how you can enable DNS-over-HTTPS on your Firefox until Mozilla decides to enable it by default - if it ever does.
Open the internal address about:config to access the hidden configuration panel of Firefox. Here we need to modify three settings.
The first setting is network.trr.mode, which enables DoH support. This setting supports four values:
0 - DoH is off
1 - DoH is enabled, but Firefox chooses whether to use the DoH protocol or normal DNS depending on which returns faster answers to queries.
2 - DoH is enabled and normal DNS acts as a backup
3 - DoH is enabled and normal DNS is disabled
The value 2 seems to work fine.
The second setting to be modified is network.trr.uri. This is the URL of a DoH-compatible DNS server to which Firefox will send DoH queries.
By default, Firefox uses the Cloudflare DoH service located at
https://mozilla.cloudflare-dns.com/dns-query
However, if you prefer a different one, you can enter the URL of another DoH server. You can choose one of the many servers available, which are on this list.
Mozilla uses Cloudflare in Firefox because the two companies reached an agreement under which Cloudflare will collect very little data from the DoH queries of Firefox users.
The third setting is optional and you can skip it. The option is called network.trr.bootstrapAddress and is an input field where you can enter the numeric IP address of the DoH-compatible DNS server. Cloudflare, for example, has IP 1.1.1.1, and Google has IP 8.8.8.8.
The above settings should work immediately, but in case they do not work, restart Firefox.