How to Enable DNS-over-HTTPS (DoH) in Mozilla Firefox

When you visit a website, the web browser first translates the domain name (such as yahoo.com) to an IP address using the DNS server configured in your operating system. We also offer a free tool, Public DNS Server Tool, that helps you quickly configure your Windows system to use one of the publicly available DNS servers.

But now Firefox (starting from version 62) has a new feature called Trusted Recursive Resolver (TRR), which sets Firefox to use a secure DNS server of its own. With this feature, all DNS resolution requests are sent over HTTPS, which is why only a DNS over HTTPS (DoH) compliant server can be used.

Here is how you can enable DoH in Firefox browser:

  1. Type about:config in the address bar and press Enter.
  2. When the warning appears, click on the I accept the risk button.
  3. In the search box, type trr to find the settings we want.
  4. Double-click on network.trr.mode and set its value to 2.
  5. Double-click on network.trr.uri and set its value to https://mozilla.cloudflare-dns.com/dns-query.
  6. That’s it, your Firefox browser is all set to use DoH. You can now check which DNS server Firefox is using by visiting http://www.whatsmydnsserver.com/.

By setting network.trr.mode to 2, you instruct Firefox to use a fallback mode: it first tries the DoH server, and if that fails, it uses the insecure DNS server configured for your network interface. If you want Firefox to use DoH exclusively, set network.trr.mode to 3.

The network.trr.uri setting is used to specify the DoH server. Currently, there are only two DoH servers available for everyone – Cloudflare server (https://mozilla.cloudflare-dns.com/dns-query) and Google’s server (https://dns.google.com/experimental). The latter is experimental and sometimes fails to work.
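To confirm what a profile is actually configured to do, the following added example (not part of the original article) audits the TRR settings as they appear in a Firefox profile's prefs.js or user.js, where preferences are stored as user_pref("name", value); lines. The function names and the sample preference text are constructed for illustration, and only modes 2 and 3 are interpreted, as described above.

```javascript
// Added example: audit TRR settings in Firefox prefs.js / user.js text.
// Mode meanings 2 and 3 are taken from the article; any other value is
// reported as "DoH not enforced" without further interpretation.

// Constructed sample of profile preference lines (not from a real profile).
const SAMPLE_PREFS = `
// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
`;

// Extract user_pref("name", value); pairs for names under network.trr.
function parseTrrPrefs(text) {
  const prefs = {};
  const re = /^\s*user_pref\(\s*"(network\.trr\.[^"]+)"\s*,\s*(.+?)\s*\)\s*;/gm;
  for (const [, name, raw] of text.matchAll(re)) {
    // Values are JSON-compatible literals: numbers, booleans, quoted strings.
    try { prefs[name] = JSON.parse(raw); } catch { prefs[name] = raw; }
  }
  return prefs;
}

// Report whether DoH is enforced and whether the resolver URI is HTTPS.
function auditTrr(text) {
  const prefs = parseTrrPrefs(text);
  const mode = prefs["network.trr.mode"];
  const uri = prefs["network.trr.uri"];
  const findings = [];

  let httpsUri = false;
  try { httpsUri = new URL(uri).protocol === "https:"; } catch { /* missing or malformed */ }

  if (mode === 3) {
    findings.push("DoH only: no fallback to the system resolver");
  } else if (mode === 2) {
    findings.push("DoH with fallback: lookups can still go to the system DNS server if DoH fails");
  } else {
    findings.push("DoH not enforced: network.trr.mode is " + String(mode));
  }
  if ((mode === 2 || mode === 3) && !httpsUri) {
    findings.push("network.trr.uri is missing or not an https:// URL");
  }
  return { mode, uri, httpsUri, strict: mode === 3 && httpsUri, findings };
}

console.log(auditTrr(SAMPLE_PREFS));
```

Run it with Node.js, replacing SAMPLE_PREFS with the contents of the profile's prefs.js to audit a real configuration.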

With DoH enabled in Firefox, all DNS traffic is transferred over the secure HTTPS protocol, which prevents your ISP or any third party from finding out which domains you are trying to access. While this gives you more privacy, some experts are concerned that it will lead to everyone’s DNS traffic being read by Cloudflare.