The DNS-over-HTTPS (DoH) protocol is currently the main topic of conversation, and the only browser that supports it is Firefox. However, the feature is not enabled by default for Firefox users, who must jump through hoops and change multiple settings before they can use DoH. Before we get into a step-by-step tutorial on how to enable DoH support in Firefox, let’s first define what it does.
How DNS Over HTTPS (DoH) Works
The DNS-over-HTTPS protocol works by taking a user-entered domain name and sending a query to a DNS server to learn the numerical IP address of the web server that hosts that specific site. This is also how regular DNS works. DoH, on the other hand, takes the DNS query and sends it to a DoH-compatible DNS server (resolver) via an encrypted HTTPS connection on port 443, rather than in plaintext on port 53.
DoH hides DNS queries within regular HTTPS traffic in this manner, making it impossible for third-party observers to sniff traffic and infer what DNS queries users have run and what websites they are about to access.
A secondary feature of the protocol is that DNS-over-HTTPS works at the app level. Apps may include hardcoded lists of DoH-compatible DNS resolvers to which they can send DoH queries.
This mode of operation bypasses the OS’s default DNS settings, which are typically those set by local internet service providers (ISPs). This also means that apps that support DoH can effectively bypass local ISP traffic filters and access content that may be blocked by a local telco or local government, which is why DoH is being heralded as a boon for users’ privacy and security.
Advantages and Disadvantages of DNS Over HTTPS
- DoH protects your privacy by concealing domain name lookups from anyone on public WiFi, your ISP, or anyone else on your local network. When DoH is enabled, it prevents your ISP from collecting and selling personal information about your browsing habits.
- DNS is used by some individuals and organizations to block malware, enable parental controls, and filter your browser’s access to websites. When enabled, DoH bypasses your local DNS resolver, rendering these special policies ineffective. When DoH is enabled by default for users, Firefox allows users (via settings) and organizations (via enterprise policies and a canary domain lookup) to disable it when it interferes with a preferred policy.
- Once DoH is enabled, Firefox defaults to directing DoH queries to DNS servers operated by a trusted partner who has access to users’ queries. Mozilla has enacted a strict Trusted Recursive Resolver (TRR) policy that prohibits its partners from collecting personally identifiable information. To reduce this risk, these partners are contractually obligated to follow this policy.
- DoH may be slower than traditional DNS queries, but in testing, we discovered that the impact is minimal and that DoH is often faster.
How to Set Up DNS Over HTTPS in Firefox
The step-by-step guide below will show Firefox users all over the world how to enable the feature right now, rather than waiting for Mozilla to enable it later down the road – if it ever does. In Firefox, there are two ways to enable DoH support.
- Open Firefox application.
- In the URL bar, type about:preferences and press enter. This will take you to the Firefox Preferences page.
- Scroll down to the Network Settings panel in the General section and click the Settings button.
- Scroll down in the popup and select Enable DNS over HTTPS, then configure your desired DoH resolver. You can use the built-in Cloudflare resolver (a company that has agreed with Mozilla to log less data about Firefox users) or one from this list.
- Click OK to complete it.
Settings should apply right away, but in case they don’t work, give Firefox a restart.
These steps show that setting up DNS over HTTPS in Firefox is simple, but you still need to pay attention to make sure it works correctly. If you run into any difficulties in the process, drop your question in the comment box below. Good luck!