Compare Revisions
Firefox DNS over HTTPS
Revision 184957:
Revision 184957 by Lamont287 on
Revision 187033:
Revision 187033 by heyjoni on
Keywords:
Firefox; DNS-over-HTTPS; DNS; HTTPS; DoH
Search results summary:
DoH improves privacy by hiding domain name lookups from someone lurking on public WiFi, your ISP, or anyone else on your local network. Learn more.
Content:
__TOC__
=About DNS-over-HTTPS=
When you type a web address or domain name into your address bar (example: www.mozilla.org), your browser sends a request over the Internet to look up the IP address for that website. Traditionally, this request is sent to servers over a plaintext connection. This connection is not encrypted, making it easy for third parties to see what website you’re about to access.
DNS-over-HTTPS (DoH) works differently. It sends the domain name you typed to a DoH-compatible DNS server using an encrypted HTTPS connection instead of a plaintext one. This prevents third parties from seeing what websites you are trying to access.
==Benefits==
DoH improves privacy by hiding domain name lookups from someone lurking on public WiFi, your ISP, or anyone else on your local network.
DoH, when enabled, ensures that your ISP cannot collect and sell personal information related to your browsing behavior.
==Risks==
* Some individuals and organizations rely on DNS to block malware, enable parental controls, or filter your browser’s access to websites. When enabled, DoH bypasses your local DNS resolver and defeats these special policies. Firefox allows users (via settings) and organizations (via enterprise policies and a canary domain lookup) to disable DoH when it interferes with a preferred policy.
* In the US, Firefox by default directs DoH queries to DNS servers that are operated by Cloudflare, meaning that Cloudflare has the ability to see users' queries. Mozilla has a strong [https://wiki.mozilla.org/Security/DOH-resolver-policy Trusted Recursive Resolver (TRR) policy] in place that forbids Cloudflare or any other DoH partner from collecting personally identifying information. To mitigate this risk, our partners are contractually bound to adhere to this policy.
* DoH could be slower than traditional DNS queries, but in testing we found that the [https://blog.mozilla.org/futurereleases/2019/04/02/dns-over-https-doh-update-recent-testing-results-and-next-steps/ impact is minimal and in many cases DoH is faster].
=Enabling and disabling DNS-over-HTTPS=
[[Template:dohtoggle]]
=Switching providers=
# [[Template:optionspreferences]]
# Scroll down to '''Network Settings''' and click the '''Settings''' button.
# Click the drop-down under '''Enable DNS over HTTPS''' to select a provider.
=Excluding specific domains=
You can configure exceptions so that Firefox uses your OS resolver instead of DoH:
# Go to ''about:config''.
# Search for the '''network.trr.excluded-domains''' preference.
# Add domains to the list, separated by commas. ('''Note:''' Do not remove any domains from the list.)
{note}'''A note about subdomains: '''Firefox will check all the domains you've listed in ''network.trr.excluded-domains'' and their subdomains. For instance, if you enter ''example.com'', Firefox will also exclude ''www.example.com''.{/note}
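The subdomain rule in the note above, modelled as an added JavaScript example (not Firefox's own code). It assumes matching on whole DNS labels, so a look-alike such as ''notexample.com'' is not treated as a subdomain of ''example.com''; the function names and sample domains are hypothetical.

```javascript
// Added illustration of the network.trr.excluded-domains rule described above.
// Not Firefox source code. Assumption: matching is on whole DNS labels.

// Lowercase, trim whitespace, and drop a trailing root dot.
function normalizeHost(host) {
  return host.trim().toLowerCase().replace(/\.$/, "");
}

// Parse the comma-separated pref value into a set of normalized domains,
// ignoring empty entries left by stray commas.
function parseExcludedDomains(prefValue) {
  return new Set(
    prefValue
      .split(",")
      .map(normalizeHost)
      .filter((d) => d.length > 0)
  );
}

// Return the list entry that covers `host`, or null if none does.
function matchExcluded(host, excluded) {
  const labels = normalizeHost(host).split(".");
  // Test the host itself, then each parent domain in turn.
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    if (excluded.has(candidate)) return candidate;
  }
  return null;
}

// Which resolver the rule selects for a host: "os" if excluded, else "doh".
function resolverFor(host, prefValue) {
  return matchExcluded(host, parseExcludedDomains(prefValue)) ? "os" : "doh";
}

// Constructed sample pref value (hypothetical domains, stray space and comma).
const SAMPLE_PREF = "example.com, intranet.corp.example ,";
```

A parent of a listed entry (here ''corp.example'') is not excluded, and neither is a host that merely contains a listed name as a prefix or substring.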
=Configuring networks to disable DoH=
See [[Configuring Networks to Disable DNS over HTTPS]].