The DNS-over-HTTPS (DoH) protocol is currently the talk of the town, and the Firefox browser is the only one to support it.
However, the feature is not enabled by default for Firefox users, who will have to go through many hoops and modify multiple settings before they can get the DoH up and running.
But before we go into a step-by-step tutorial on how someone can enable DoH support in Firefox, let’s describe what it does first.
How DNS-over-HTTPS works
The DNS-over-HTTPS protocol works by taking a domain name that a user has typed in their browser and sending a query to a DNS server to learn the numerical IP address of the web server that hosts that specific site.
This is how normal DNS works, too. However, DoH takes the DNS query and sends it to a DoH-compatible DNS server (resolver) via an encrypted HTTPS connection on port 443, rather than plaintext on port 53.
This way, DoH hides DNS queries inside regular HTTPS traffic, so third-party observers won’t be able to sniff traffic and tell what DNS queries users have run and infer what websites they are about to access.
Further, a secondary feature of DNS-over-HTTPS is that the protocol works at the app level. Apps can come with internally hardcoded lists of DoH-compatible DNS resolvers where they can send DoH queries.
This mode of operation bypasses the default DNS settings that exist at the OS level, which, in most cases are the ones set by local internet service providers (ISPs).
This also means that apps that support DoH can effectively bypass local ISPs traffic filters and access content that may be blocked by a local telco or local government — and a reason why DoH is currently hailed as a boon for users’ privacy and security.
This is one of the reasons that DoH has gained quite the popularity in less than two years after it launched, and a reason why a group of UK ISPs nominated Mozilla for the award of 2019 Internet Vilain for its plans to support the DoH protocol, which they said would thwart their efforts in filtering bad traffic.
As a response, and due to the complex situation in the UK where the government blocks access to copyright-infringing content, and where ISPs voluntarily block access to child abuse website, Mozilla has decided not to enable this feature by default for British users.
The below step-by-step guide will show Firefox users in the UK and Firefox users all over the world how to enable the feature right now, and not wait until Mozilla enables it later down the road — if it will ever do. There are two methods of enabling DoH support in Firefox.
Method 1 – via the Firefox settings
Step 1: Go to the Firefox menu, choose Tools, and then Preferences. Optionally type about:preferences in the URL bar and press enter. This will open the Firefox prerences section.
Step 2: In the General section, scroll down to the Network Settings panel, and press the Settings button.
Step 3: In the popup, scroll down and select “Enable DNS over HTTPS,” then configure your desired DoH resolver. You can use the built in Cloudflare resolver (a company with which Mozilla has reached an agreement to log less data about Firefox users), or use one of your choice, from this list.
Method 2 – via about:config
Step 1: Type about:config in the URL bar and press Enter to access Firefox’s hidden configuration panel. Here users will need to enable and modify three settings.
Step 2: The first setting is network.trr.mode. This turns on DoH support. This setting supports four values:
- 0 – Default value in standard Firefox installations (currently is 5, which means DoH is disabled)
- 1 – DoH is enabled, but Firefox picks if it uses DoH or regular DNS based on which returns faster query responses
- 2 – DoH is enabled, and regular DNS works as a backup
- 3 – DoH is enabled, and regular DNS is disabled
- 5 – DoH is disabled
A value of 2 works best.
Step 3: The second setting that needs to be modified is network.trr.uri. This is the URL of the DoH-compatible DNS server where Firefox will send DoH DNS queries. By default, Firefox uses Cloudflare’s DoH service located at https://mozilla.cloudflare-dns.com/dns-query. However, users can use their own DoH server URL. They can select one from the many available servers, from this list, here. The reason why Mozilla uses Cloudflare in Firefox is because the companies reached an agreement following which Cloudflare would collect very little data on DoH queries coming from Firefox users.
Step 4: The third setting is optional and you can skip this one. But if things don’t work, you can use this one as a backup for Step 3. The option is called network.trr.bootstrapAddress and is an input field where users can enter the numerical IP address of the DoH-compatible DNS resolver they entered in Step 3. For Cloudflare, that would be 18.104.22.168. For Google’s service, that would be 22.214.171.124. If you used another DoH resolver’s URL, you’ll need to track down that server’s IP and enter it here, if ever necesarry.
Normally, the URL entered in Step 3 should be enough, though.
Settings should apply right away, but in case they don’t work, give Firefox a restart.
Article source: Mozilla Wiki