In June, Mozilla announced that it was performing a limited Shield study for its Nightly users to monitor the performance of DNS-over-HTTPS (DoH) in Firefox. This study uses Cloudflare’s DNS service to encrypt both DNS queries and their responses in order to increase a user’s privacy.
Mozilla has been happy so far with the performance of DoH and has stated that even the slowest users have seen a huge performance improvement. Due to this, Mozilla is now expanding this Shield study to a small portion of the Release channel to get a wider audience testing its DNS-over-HTTPS feature.
“Our initial tests of DoH studied the time it takes to get a response from Cloudflare’s DoH resolver,” stated Mozilla’s announcement. “The results were very positive – the slowest users show a huge performance improvement. A recent test in our Beta channel confirmed that DoH is fast and isn’t causing problems for our users. However, those tests only measure the DNS operation itself, which isn’t the whole story.”
As this expanded study will only roll out to a limited number of users, not everyone who is currently using Firefox will have it enabled. Those who are picked to be part of the study will be shown a notification describing the study and asking if they wish to participate.
If you were not selected for the study but still wish to test Firefox’s DoH implementation, you can enable it manually using the instructions below.
How to enable DNS-over-HTTPS (DoH) in Firefox
Currently DoH is still being tested by Firefox, but if you want to start using it immediately you can enable it in the about:config settings. To enable DoH, please follow these steps:
Type about:config in the Firefox address bar and then press Enter. When Firefox asks, click on the button stating that you accept the risks.
In the search field enter network.trr to display all of the settings for Firefox’s Trusted Recursive Resolver, which is the DNS-over-HTTPS endpoint used by Firefox.
Double-click on network.trr.mode, enter 2 in the field, and press OK. This turns on DoH in Firefox.
Next you need to make sure the network.trr.uri is set to https://mozilla.cloudflare-dns.com/dns-query as this is Cloudflare’s DoH DNS resolver that Firefox has partnered with for the test. If it is not set to this URL, please double-click on the setting and enter the URL.
You can now close the about:config page.
To test whether you are now using DoH to resolve DNS queries, you can go to Cloudflare’s Browsing Experience Security Check page and click the “Check my browser” button. The web page will now perform a variety of tests to see if you are using Secure DNS, DNSSEC, TLS 1.3, or Encrypted SNI.
If DoH is enabled correctly it should report that Secure DNS and TLS 1.3 are enabled as shown below.
Cloudflare’s Browser Experience Security Check Page
Firefox is now using DoH to resolve any DNS queries from the browser.
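To confirm the two preferences from the steps above without opening the browser, the following added example (not Mozilla's code and not part of the original article) reads the user_pref lines Firefox writes to a profile's prefs.js and reports what it finds. The function names, finding labels and sample profiles are constructed for illustration, and a missing network.trr.mode is assumed to mean DoH is off.

```python
import re

# Pref lines in a Firefox profile's prefs.js / user.js look like:
#   user_pref("network.trr.mode", 2);
PREF_RE = re.compile(r'^\s*user_pref\("(network\.trr\.[^"]+)",\s*(.+?)\s*\);\s*$')
ARTICLE_URI = "https://mozilla.cloudflare-dns.com/dns-query"  # URL from the steps above

def parse_trr_prefs(text):
    """Return {name: value} for each network.trr.* pref found in the text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]            # string pref
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"        # boolean pref
        elif raw.lstrip("-").isdigit():
            prefs[name] = int(raw)             # integer pref
    return prefs

def audit_doh(text):
    """Return (mode, uri, findings); uri is None when the profile does not override it."""
    prefs = parse_trr_prefs(text)
    mode = prefs.get("network.trr.mode", 0)    # absent: treated as off (assumption)
    uri = prefs.get("network.trr.uri")
    findings = []
    if mode not in (2, 3):
        findings.append("doh-disabled")
    if mode == 2:
        # Mode 2 tries DoH first and falls back to the OS resolver on failure.
        findings.append("fallback-to-system-resolver")
    if uri is not None and not uri.startswith("https://"):
        findings.append("uri-not-https")
    elif uri is not None and uri != ARTICLE_URI:
        findings.append("resolver-differs-from-article")
    return mode, uri, findings

# Constructed sample profiles (not taken from a real machine).
SAMPLE_ENABLED = '''user_pref("browser.startup.page", 3);
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
'''
SAMPLE_OTHER = ('user_pref("network.trr.mode", 3);\n'
                'user_pref("network.trr.uri", "https://doh.example.net/dns-query");\n')

if __name__ == "__main__":
    for sample in (SAMPLE_ENABLED, SAMPLE_OTHER, ""):
        print(audit_doh(sample))
```

The fallback finding for mode 2 matters when checking a configuration: with that value, a lookup that fails over DoH is retried through the operating system's resolver, so some queries can still leave the machine unencrypted.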