Mozilla Firefox, one of the most rated privacy-centric browsers made a shift to DNS over HTTPS (DoH) as a more secure alternative to prevent spying and exploitations.
DoH encrypts your DNS lookups in an encrypted HTTPS connection. This means whenever you type a website address, DoH takes your query and sends it to a DoH-compatible server, which in this case is Cloudflare through an encrypted HTTPS connection, thus making it harder for third parties to see which websites you’re about to access.
Firefox offers four protection levels which you can select for maximum security. By default, the browser decides when to use secure DNS to protect your privacy.
There are three other options to select from, namely Increase Protection and Max Protection. Based on the protection level you use, the status indicator will reflect accordingly.
You can turn it off as well in case you have a local DNS resolver. Firefox uses Cloudflare’s DNS over HTTPS service by default, however, users can manually change to some other encrypted DNS service.
How do I know if DNS over HTTPS is working in Firefox?
So, you first want to check if DNS over HTTPS is already enabled on your Firefox browser. Well, it’s easier to check. While the Status of the DoH setting can tell the same, you can also follow these quick steps.
- Type “about:networking” in the Firefox address bar and press Enter.
- Click on the “DNS” tab.
- If you see ‘2’ below the DoH Mode, it means DoH is working in Firefox. If you see ‘5,’ it means the DoH is not working.
Alternatively, enter https://126.96.36.199/help in Firefox’s address bar to verify if DoH is enabled and working properly.
This web page will also show you other important aspects.
How do I enable DNS over HTTPS on Firefox?
So, you have checked that the DoH feature is not already enabled on Firefox and now you want to enable it after knowing the advantages of it. The guide will show you how you can enable DNS over HTTPS on Firefox and unlock enhanced protection when you’re browsing.
- In Firefox on Windows 11, go to Settings OR type about:preferences in the address bar.
- Choose Privacy & Security.
- Scroll down until you find “DNS over HTTPS”
- By default, Firefox has chosen the first way of protection, where it decides when to use DNS.
The other three protection level includes ‘Increased Protection,’ ‘Max Protection,’ and ‘Off.’
To turn DNS over HTTPS in Firefox, enable either of these two options. As soon as you select any one of them, Firefox will change the status to ‘Active.’
If the status shows ‘Active,’ it means your DNS requests are wrapped inside the HTTPS protocol to ensure that the requests cannot be intercepted via a Man in the Middle (MITM) attack.
If the status shows ‘Not Active,’ it depicts certain network conditions like VPN, parental controls, and enterprise policies that have directed Firefox not to use DoH. And, ‘Off’ is self-explanatory.
How do I turn off DNS over HTTPS in Firefox?
First off, it is recommended to turn on the DNS over HTTPS setting in Firefox to safeguard yourself from potential risks. However, there could be reasons why you need to turn it off. For instance, a network is telling Firefox not to use DNS requests because certain websites are inaccessible.
Furthermore, some organizations have their own secure DNS and they will ask Firefox not to bypass it. Additionally, some users may prefer to use their ISP’s DNS servers for faster and more reliable resolution of domain names.
Another possibility that you want to disable DNS over HTTPS in Firefox is that it’s interfering with certain services or applications that rely on DNS resolution. Therefore, you should only enable it if you fully understand the implications.
Simply select ‘Off’ from the list of options to turn off Firefox’s default DoH service.
Can I use custom DNS providers with DoH in Firefox?
Yes, you can use custom DNS providers in Firefox. By default, Firefox uses Cloudflare as its DoH provider, but you can change this to a custom provider of your choice. You can use NextDNS and other providers that are partners with Mozilla and follow the DoH resolver policy.
Other DNS providers are satisfied as partners for Mozilla’s Trusted Recursive Resolver (TRR) program. As per Mozilla, it is open to adding more DNS providers as long as they meet a list of requirements.
Here’s how you can change the default DoH provider on Firefox –
- Select “Increased Protection” from the list.
- Open the drop-down under “Choose provider”
- Select custom.
To use a custom DoH provider in Firefox, you need to know the provider’s DoH endpoint URL.
Furthermore, every DNS provider provides a configuration guide that you can follow to add them to Firefox using “about:config” panel. So, it’s recommended to go by those instructions.