Firefox DNS-over-HTTPS

No one has helped translate this article yet. If you already know how localizing for SUMO works, start translating now. If you want to learn how to translate articles for SUMO, please start here.

About DNS-over-HTTPS

When you type a web address or domain name into your address bar (example: www.mozilla.org), your browser sends a request over the Internet to look up the IP address for that website.

Traditionally, this request is sent to servers over a plain text connection. This connection is not encrypted, making it easy for third-parties to see what website you’re about to access.

DNS-over-HTTPS (DoH) works differently. It sends the domain name you typed to a DoH-compatible DNS server using an encrypted HTTPS connection instead of a plain text one. This prevents third-parties from seeing what websites you are trying to access.

Benefits

DoH improves privacy by hiding domain name lookups from someone lurking on public WiFi, your ISP, or anyone else on your local network. DoH, when enabled, ensures that your ISP cannot collect and sell personal information related to your browsing behavior.

Risks

  • Some individuals and organizations rely on DNS to block malware, enable parental controls, or filter your browser’s access to websites. When enabled, DoH bypasses your local DNS resolver and defeats these special policies. Firefox allows users (via settings) and organizations (via enterprise policies and a canary domain lookup) to disable DoH when it interferes with a preferred policy.
  • In the US, Firefox by default directs DoH queries to DNS servers that are operated by CloudFlare, meaning that CloudFlare has the ability to see users' queries. Mozilla has a strong Trusted Recursive Resolver (TRR) policy in place that forbids CloudFlare or any other DoH partner from collecting personal identifying information. To mitigate this risk, our partners are contractually bound to adhere to this policy.
  • DoH could be slower than traditional DNS queries, but in testing we found that the impact is minimal and in many cases DoH is faster.

Enabling and disabling DNS-over-HTTPS

You can enable or disable DoH in your Firefox connection settings:

  1. Click the menu button New Fx Menu Fx57Menu and choose Options.Preferences.
  2. In the General panel, scroll down to Network Settings and click the Settings… button.
  3. In the dialog box that opens, scroll down to Enable DNS over HTTPS.
    • On: Select the Enable DNS over HTTPS checkbox. Select a provider or set up a custom provider.
    • Off: Deselect the Enable DNS over HTTPS checkbox.
    toggle doh
  4. Click OK to save your changes and close the window.

Switching providers

  1. Click the menu button New Fx Menu Fx57Menu and choose Options.Preferences.
  2. Scroll down to Network Settings and click the Settings… button.
  3. Click the drop-down under Enable DNS over HTTPS to select a provider.
    change dns provider

Excluding specific domains

You can configure exceptions so that Firefox uses your OS resolver instead of DOH:

  1. In the address bar, type about:config and press EnterReturn.

    • The about:config "This might void your warranty!" warning page may appear. Click I accept the risk! to continue to the about:config page.
  2. Find and double-click the network.trr.excluded-domains preference.
    • To quickly find it, enter excluded-domains in the Search field above the list of preferences.
  3. Add domains, separated by commas, to the list and click OK. (Note: Do not remove any domains from the list.)
A note about subdomains: Firefox will check all the domains you've listed in network.trr.excluded-domains and their subdomains. For instance, if you enter example.com, Firefox will also exclude www.example.com.

Configuring Networks to Disable DOH

See Configuring Networks to Disable DNS over HTTPS

// Disse udmærkede personer hjalp med at skrive denne artikel:AliceWyman, Michele Rodaro, Joni, Lamont Gardenhire. Du kan også hjælpe - find ud af hvordan.

Hjalp denne artikel? Vent venligst...

Bliv frivillig hos Mozilla Support