To signal that their local DNS resolver implements special features that make the network unsuitable for DoH, network administrators may configure their networks to modify DNS requests for the following special-purpose domain, called a canary domain: use-application-dns.net.
Firefox will attempt to resolve this domain using the DNS server(s) configured in the operating system of the device, and examine the result. The result will be considered negative if:
- A response code other than NOERROR is returned, such as NXDOMAIN (non-existent domain) or SERVFAIL
- A NOERROR response code is returned, but contains neither A nor AAAA records
The result will be considered positive if:
- The query completes with NOERROR and contains A or AAAA records (or both)
A negative result will be a signal to disable application DNS, i.e. DoH.
The use of this domain is specified by Mozilla, as a limited-time measure until a method for signaling the presence of DNS-based content filtering is defined and adopted by an Internet standards body.
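The result rules above, applied to raw DNS responses, as an added example (not Firefox's own code). The function names are hypothetical, the sample responses are constructed inline, and well-formed messages are assumed:

```python
import struct

CANARY = "use-application-dns.net"
TYPE_A, TYPE_CNAME, TYPE_AAAA = 1, 5, 28

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        if length == 0:             # root label ends the name
            return off + 1
        off += 1 + length

def canary_result(msg):
    """Classify a raw DNS response: 'negative' is the signal to disable DoH."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    if flags & 0x000F != 0:         # RCODE other than NOERROR (NXDOMAIN, SERVFAIL, ...)
        return "negative"
    off = 12
    for _ in range(qdcount):        # skip each question: name, QTYPE, QCLASS
        off = skip_name(msg, off) + 4
    for _ in range(ancount):        # walk the answer section
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype in (TYPE_A, TYPE_AAAA):
            return "positive"
        off += 10 + rdlen
    return "negative"               # NOERROR, but neither A nor AAAA present

def encode_name(name):
    """Encode a dotted name in uncompressed DNS wire format."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def build_response(rcode, answers):
    """Build a constructed sample response; answers is a list of (rtype, rdata)."""
    header = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, len(answers), 0, 0)
    question = encode_name(CANARY) + struct.pack("!HH", TYPE_A, 1)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", t, 1, 60, len(d)) + d
                   for t, d in answers)
    return header + question + rrs

if __name__ == "__main__":
    nxdomain = build_response(3, [])
    with_a = build_response(0, [(TYPE_A, bytes([192, 0, 2, 1]))])
    print(canary_result(nxdomain), canary_result(with_a))
```

A NOERROR response that carries only a CNAME is classified as negative here, since it contains neither an A nor an AAAA record.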