[[Firefox DNS-over-HTTPS|DNS over HTTPS (DoH) ]] is a recommended feature that enhances privacy for everyone. When you type a web address into your address bar, Firefox sends a secure DNS request to look up the IP address for that website over the Internet. DNS over HTTPS protection can be configured in four different ways. __TOC__ =Configure DoH protection settings= Default Protection is automatically enabled in Firefox when DNS-over-HTTPS (DoH) is activated. If you would like to modify the settings or select a different level of protection, please follow these steps: #Click the menu [[Image:PhotonMenuButton]] button at the top right of the screen. #Click {menu Settings}. #Click {menu Privacy & Security} on the left. #Scroll down to the''' DNS ove HTTPS''' section. [[Image:DoH_protection_levels]] =Protection levels explained= ==Default Protection== The Default Protection automatically enables secure DNS in available regions and falls back to the default resolvers if there are issues. Default protection allows you to use local providers when possible. It disables DoH when VPN, parental control or enterprise policies are active or when a network tells Firefox not to use secure DNS. ==Increased protection== When Increased Protection is on, DoH is constantly active with the using the providers you select. We will only switch to a backup option if there are any issues with your chosen provider. ==Max Protection== Max protection will always use secure DNS and a security warning will show before falling back to your system DNS. ==Off== When secure DNS is off, you’ll use your default DNS resolver. =DoH Status Display= Based on the protection level you choose, the status indicator will reflect either Active, Not active, or Off. Choose the desired level of protection you want to use. Once you select a protection level, the status indicator will change, and you will see the corresponding provider for your selection. [[Image:DoH_status]] *'''Active:''' When status is active, Firefox is securely sending DNS quotes to ensue your online activities are protected. *'''Not active:''' Firefox detects errors or certain network conditions like VPN, parental controls, enterprise policies that tell Firefox not to use DoH. To learn more about error screens and therir meaning, see below. *'''off:''' DoH has been disabled. =Add sites to the Exceptions list= #Click the menu [[Image:PhotonMenuButton]] button at the top right of the screen. #Click {menu Settings}. #Click {menu Privacy & Security} on the left. #Click the {button Manage Exceptions button}. [[Image:doh_manage_exceptions]] =Frequently asked questions= ==What is a local provider?== A local provider is a DNS resolver that is hosted within a user's local network or Internet Service Provider (ISP). It allows users to secure their DNS queries and access the internet securely. ==Why would a network tell Firefox not to use secure DNS?== Some organizations restrict access to certain websites. If an organization has their own secure DNS, they will ask Firefox not to bypass it. For additional information on DNS-over-HTTPS, you can refer to some of the [[DNS-over-HTTPS (DoH) FAQs|commonly asked questions (FAQs)]]. ==What does my DoH status mean?== You may get an error screen for a variety of reasond including Firefox not being able to connectivity and website issues. *Firefox wasn't able to connect to provider or resolver. *The website won't load. *The connection to the provider took longer than expected. *You are not connected to the internet. *There was a problem with the provider or resolver. *Thes website doesn't exist. Here’s a detailed description of of the most common issues: {| class="wikitable" |- ! Name ! Code ! Description |- | TRR_FAILED | 7 | Firefox wasn’t able to connect to <Cloudflare, resolvername, or resolverdomain>. |- | TRR_DISABLED_FLAG | 10 | The website won’t load. |- | TRR_TIMEOUT | 11 | The connection to <Cloudflare, resolvername, or resolverdomain> took longer than expected. |- | TRR_CHANNEL_DNS_FAIL | 12 | Firefox wasn’t able to connect to <Cloudflare, resolvername, or resolverdomain>. |- | TRR_IS_OFFLINE | 13 | You are not connected to the internet. |- | TRR_NOT_CONFIRMED | 14 | Firefox wasn’t able to connect to <Cloudflare, resolvername, or resolverdomain>. |- | TRR_UNKNOWN_CHANNEL_FAILURE | 16 | Firefox wasn’t able to connect to <Cloudflare, resolvername, or resolverdomain>. |- | TRR_HOST_BLOCKED_TEMPORARY | 17 | The website won’t load. |- | TRR_SEND_FAILED | 18 | Firefox wasn’t able to connect to <Cloudflare, resolvername, or resolverdomain>. |- | TRR_NET_RESET | 19 | Firefox wasn’t able to connect to <Cloudflare, resolvername, or resolverdomain>. |- | TRR_NET_TIMEOUT | 20 | The connection to <Cloudflare, resolvername, or resolverdomain> took longer than expected. |- | TRR_NET_REFUSED | 21 | Firefox wasn’t able to connect to <Cloudflare, resolvername, or resolverdomain>. |- | TRR_NET_INTERRUPT | 22 | Firefox wasn’t able to connect to <Cloudflare, resolvername, or resolverdomain>. |- | TRR_NET_INADEQ_SEQURITY | 23 | Firefox wasn’t able to establish a secure connection to <Cloudflare, resolvername, or resolverdomain>. |- | TRR_NO_ANSWERS | 24 | This website wasn’t found by <Cloudflare, resolvername, or resolverdomain>. |- | TRR_DECODE_FAILED | 25 | There was a problem with <Cloudflare, resolvername, or resolverdomain>. |- | TRR_SERVER_RESPONSE_ERR | 27 | There was a problem with <Cloudflare, resolvername, or resolverdomain>. |- | TRR_RCODE_FAIL | 28 | There was a problem with <Cloudflare, resolvername, or resolverdomain>. |- | TRR_NO_CONNECTIVITY | 29 | You are not connected to the internet. |- | TRR_NXDOMAIN | 30 | This website doesn’t exist. |- | TRR_REQ_CANCELLED | 31 | Your request to visit this website was cancelled. |- | TRR_HEURISTIC_TRIPPED_CANARY | 40 | DNS over HTTPS has been disabled on your network. |}

DNS over HTTPS (DoH) is a recommended feature that enhances privacy for everyone. When you type a web address into your address bar, Firefox sends a secure DNS request to look up the IP address for that website over the Internet. DNS over HTTPS protection can be configured in four different ways.

Configure DoH protection settings

Default Protection is automatically enabled in Firefox when DNS-over-HTTPS (DoH) is activated. If you would like to modify the settings or select a different level of protection, please follow these steps:

1. Click the menu button at the top right of the screen.
2. Click Settings.
3. Click Privacy & Security on the left.
4. Scroll down to the DNS ove HTTPS section.

Protection levels explained

Default Protection

The Default Protection automatically enables secure DNS in available regions and falls back to the default resolvers if there are issues. Default protection allows you to use local providers when possible. It disables DoH when VPN, parental control or enterprise policies are active or when a network tells Firefox not to use secure DNS.

Increased protection

When Increased Protection is on, DoH is constantly active with the using the providers you select. We will only switch to a backup option if there are any issues with your chosen provider.

Max Protection

Max protection will always use secure DNS and a security warning will show before falling back to your system DNS.

Off

When secure DNS is off, you’ll use your default DNS resolver.

DoH Status Display

Based on the protection level you choose, the status indicator will reflect either Active, Not active, or Off. Choose the desired level of protection you want to use. Once you select a protection level, the status indicator will change, and you will see the corresponding provider for your selection.

• Active: When status is active, Firefox is securely sending DNS quotes to ensue your online activities are protected.
• Not active: Firefox detects errors or certain network conditions like VPN, parental controls, enterprise policies that tell Firefox not to use DoH. To learn more about error screens and therir meaning, see below.
• off: DoH has been disabled.

Add sites to the Exceptions list

1. Click the menu button at the top right of the screen.
2. Click Settings.
3. Click Privacy & Security on the left.
4. Click the Manage Exceptions button.

Frequently asked questions

What is a local provider?

A local provider is a DNS resolver that is hosted within a user's local network or Internet Service Provider (ISP). It allows users to secure their DNS queries and access the internet securely.

Why would a network tell Firefox not to use secure DNS?

Some organizations restrict access to certain websites. If an organization has their own secure DNS, they will ask Firefox not to bypass it. For additional information on DNS-over-HTTPS, you can refer to some of the commonly asked questions (FAQs).

What does my DoH status mean?

You may get an error screen for a variety of reasond including Firefox not being able to connectivity and website issues.

• Firefox wasn't able to connect to provider or resolver.
• The website won't load.
• The connection to the provider took longer than expected.
• You are not connected to the internet.
• There was a problem with the provider or resolver.
• Thes website doesn't exist.

Here’s a detailed description of of the most common issues:

Name	Code	Description
TRR_FAILED	7	Firefox wasn’t able to connect to <Cloudflare, resolvername, or resolverdomain>.
TRR_DISABLED_FLAG	10	The website won’t load.
TRR_TIMEOUT	11	The connection to <Cloudflare, resolvername, or resolverdomain> took longer than expected.
TRR_CHANNEL_DNS_FAIL	12	Firefox wasn’t able to connect to <Cloudflare, resolvername, or resolverdomain>.
TRR_IS_OFFLINE	13	You are not connected to the internet.
TRR_NOT_CONFIRMED	14	Firefox wasn’t able to connect to <Cloudflare, resolvername, or resolverdomain>.
TRR_UNKNOWN_CHANNEL_FAILURE	16	Firefox wasn’t able to connect to <Cloudflare, resolvername, or resolverdomain>.
TRR_HOST_BLOCKED_TEMPORARY	17	The website won’t load.
TRR_SEND_FAILED	18	Firefox wasn’t able to connect to <Cloudflare, resolvername, or resolverdomain>.
TRR_NET_RESET	19	Firefox wasn’t able to connect to <Cloudflare, resolvername, or resolverdomain>.
TRR_NET_TIMEOUT	20	The connection to <Cloudflare, resolvername, or resolverdomain> took longer than expected.
TRR_NET_REFUSED	21	Firefox wasn’t able to connect to <Cloudflare, resolvername, or resolverdomain>.
TRR_NET_INTERRUPT	22	Firefox wasn’t able to connect to <Cloudflare, resolvername, or resolverdomain>.
TRR_NET_INADEQ_SEQURITY	23	Firefox wasn’t able to establish a secure connection to <Cloudflare, resolvername, or resolverdomain>.
TRR_NO_ANSWERS	24	This website wasn’t found by <Cloudflare, resolvername, or resolverdomain>.
TRR_DECODE_FAILED	25	There was a problem with <Cloudflare, resolvername, or resolverdomain>.
TRR_SERVER_RESPONSE_ERR	27	There was a problem with <Cloudflare, resolvername, or resolverdomain>.
TRR_RCODE_FAIL	28	There was a problem with <Cloudflare, resolvername, or resolverdomain>.
TRR_NO_CONNECTIVITY	29	You are not connected to the internet.
TRR_NXDOMAIN	30	This website doesn’t exist.
TRR_REQ_CANCELLED	31	Your request to visit this website was cancelled.
TRR_HEURISTIC_TRIPPED_CANARY	40	DNS over HTTPS has been disabled on your network.