CyberTech

Level 22
Verified
In June, Mozilla had announced that they were performing a limited Shield study for their Nightly users to monitor the performance of DNS-over-HTTPS (DoH) in Firefox. This study uses Cloudflare's DNS service to encrypt both the requests and responses to any DNS queries in order to increase a user's privacy.

Mozilla has been happy so far with the performance of DoH and have stated that even the slowest users have seen a huge performance improvement. Due to this, Mozilla is now expanding this Shield study to a small portion of the Release channel to get a wider audience testing their DNS-over-HTTPS feature.

"Our initial tests of DoH studied the time it takes to get a response from Cloudflare’s DoH resolver," stated Mozilla's announcement. "The results were very positive – the slowest users show a huge performance improvement. A recent test in our Beta channel confirmed that DoH is fast and isn’t causing problems for our users. However, those tests only measure the DNS operation itself, which isn’t the whole story."

As this expanded study will only roll out to a limited amount of users, not everyone who is currently using Firefox will have it enabled. For those who are picked to be part of the study, you will be shown an notification describing the study and asking if you wish to participate.

For those who were not selected for the study, but still wish to test Firefox's DoH implementation, you can enable it manually using the instructions below.

How to enable DNS-over-HTTPS (DoH) in Firefox

Currently DoH is still being tested by Firefox, but if you want to start using it immediately you can enable it in the about:config settings. To enable DoH, please follow these steps:
  1. Type about:config in the Firefox address bar and then press enter. When Firefox asks, click on the button stating that you accept the risks.
  2. In the search field enter network.trr to display all of the settings for Firefox's Trusted Recursive Resolver, which is the DNS-over-HTTPS Endpoint used by Firefox.
  3. Double-click on network.trr.mode, enter 2 in the field, and press OK as shown below. This turns on DoH in Firefox.



  4. Next you need to make sure the network.trr.uri is set to https://mozilla.cloudflare-dns.com/dns-query as this is Cloudflare's DoH DNS resolver that Firefox has partnered with for the test. If it is not set to this URL, please double-click on the setting and enter the URL.
  5. You can now close the about:config page.
To test whether you are now using DoH to resolve DNS queries, you can go to Cloudflare's Browsing Experience Security Check page and click the "Check my browser" button. The web page will now perform a variety of tests to see if you are using Secure DNS, DNSSEC, TLS 1.3, or Encrypted SNI.

If DoH is enabled correctly it should report that Secure DNS and TLS 1.3 are enabled as shown below.


Cloudflare's Browser Experience Security Check Page

Firefox is now using DoH to resolve any DNS queries from the browser.

Source: Mozilla Firefox Expands DNS-over-HTTPS (DoH) Test to Release Channel
 

MrBananaxx

Level 2
I checked the about:config and tls 1.3 seems to be enabled, that's weird :/
Edit: that's because of the encrypted connections scanning setting in Kaspersky free, I turned it off and now it's working
 
Last edited:
  • Like
Reactions: _CyberGhosT_

_CyberGhosT_

Level 53
Verified
Trusted
Content Creator
Now if you set DoH for say Cleanbrowsing DNS or KeweonDNS and after a new FF update you'll see that it no longer works.

I believe Mozilla wants it to work with Cloudflare only.
Have you tried putting a AdGuard server address in there ? I might try that, FF and AdGuard get along, I need to check in the beta forums over at AdGuard, surely I am not the first to want to do that. I may try it after some digging.
 

HarborFront

Level 46
Verified
Content Creator
Have you tried putting a AdGuard server address in there ? I might try that, FF and AdGuard get along, I need to check in the beta forums over at AdGuard, surely I am not the first to want to do that. I may try it after some digging.
I use either Cleanbrowsing DNS or KeweonDNS is because they are secure DNS which do not keep logs.

Now my android Pie handphone I set DoT(DNS-over-TLS) using Cleanbrowsing DNS. KeweonDNS does not support DoT yet.

On my tablets I set the DNS addresses of Cleanbrowsing DNS and KeweonDNS in Windows
 

Stas

Level 8
They are both 1.1.1.1 which is cloudflare secure dns. The fact you are using that though doesn't mean you are doing it over doh. So you have to both add the cloudflare dns and enable doh in firefox.
I know they are both 1.1.1.1 and how to setup doh that's not what I was asking, I want to know differences between them if I use https://mozilla.cloudflare-dns.com/dns-query will mozilla & cloudflare share my data? And if I use https://cloudflare-dns.com/dns-query will only cloudflare get my data. Which one better to use? I think it's better to use https://cloudflare-dns.com/dns-query without mozilla but I could be wrong.
 

HarborFront

Level 46
Verified
Content Creator
I know they are both 1.1.1.1 and how to setup doh that's not what I was asking, I want to know differences between them if I use https://mozilla.cloudflare-dns.com/dns-query will mozilla & cloudflare share my data? And if I use https://cloudflare-dns.com/dns-query will only cloudflare get my data. Which one better to use? I think it's better to use https://cloudflare-dns.com/dns-query without mozilla but I could be wrong.
Both will collect the personal info of the user

Privacy Policy | Cloudflare