Free VPN with custom DNS / DNS over HTTPS
Hi All,
I have tried the new free browser VPN however it does not load pages if I am using a custom DNS (Quad9) and have DNS over HTTPS enabled. Is this expected behaviour and just a limitation of the VPN?
Any advice would be much appreciated.
Chosen solution
Hey Dan, I use Firefox on mobile, but I've used it on desktop as well, and I use AdGuard DNS, but I use it at the system level. It's DNS over HTTPS and it still works similarly. I put it on my phone's system-level DNS and then go into the Firefox settings and choose the one that will let you use your own custom provider, or you can switch it off and just use the system level. Here's some more information that I've learned myself; I hope it helps.

It is indeed expected behavior and a common technical limitation with browser-based VPNs (which are technically "Secure Proxies"). When you use a browser's built-in VPN—like the Microsoft Edge Secure Network or Chrome’s IP Protection—the browser attempts to "tunnel" your traffic through a secure node. This creates a conflict with **DNS over HTTPS (DoH)** for several reasons:

**1. The "DNS Leak" Protection Conflict**
Browser VPNs are designed to prevent "DNS Leaks" (where your IP is hidden but your ISP can still see what websites you are looking up). To prevent this, these VPNs typically **force** the browser to use the VPN's own internal DNS resolvers.
- If you have a custom DoH (Quad9) enabled, the browser is essentially receiving two conflicting commands: "Send DNS queries to Quad9 via HTTPS" and "Send all traffic through the VPN's proxy."
- If the VPN is active, it often blocks any outbound traffic that isn't headed for its own proxy nodes—including your encrypted requests to Quad9—resulting in the page failing to load because the "address book" lookup failed.
**2. Routing Loops and Reachability**
For your browser to reach the Quad9 DoH endpoint (https://dns.quad9.net/dns-query), it first needs to know where that server is.
- If the VPN is trying to wrap all HTTPS traffic, it might try to wrap the Quad9 request itself.
- If the VPN requires a DNS lookup to connect to its own servers, but your DNS is set to go *through* the VPN, you end up with a "circular dependency" where nothing can connect because they are both waiting on each other.
**Advice and Workarounds**
If you want to maintain your privacy while using these tools, here are your best options:
- **Choose One for the Session:** Most browser-based VPNs are designed to be "all or nothing." If you need the VPN for a specific site, temporarily set your Secure DNS to **"Use current service provider"** (which will default to the VPN's DNS). Switch back to Quad9 once you turn the VPN off.
- **Move DNS to the System Level:** Instead of setting Quad9 inside the browser settings, set it at the **Operating System level** (Windows/macOS Network Settings). Some browser VPNs are less "aggressive" toward system-level DNS than they are toward their own internal DoH settings.
- **Use a Standalone VPN App:** If you use a full VPN client (like Mullvad, Proton, or Nord) rather than a browser extension/feature, you can often configure the VPN app itself to use a custom DNS like Quad9. System-level VPNs handle the routing table much more effectively than a browser can.
- **Check for "Strict" Settings:** If you are using **Microsoft Edge**, check if "Secure Network" is set to "Select Sites" rather than "All Sites." If it's on "All Sites," it will almost always break custom DoH.
**The Verdict:** You aren't doing anything wrong; the browser is simply prioritizing "leak prevention" over your custom DNS configuration. For the best stability, it is usually recommended to let the VPN handle DNS while it is active.
Hope this helps! Chase L. Owner/Founder, Bigwizard Media
All Replies (2)
I have the same issue. The VPN works if I enable DNS over HTTPS using Default Protection; however, if I select Max Protection and use Cloudflare, it does not work as it cannot resolve DNS.
If I disable the VPN or select Default Protection, DNS works again.
Windows 11 Pro 25H2 26200.8313 Firefox 150.0.1