How to Set Up DNS over HTTPS in Firefox

This guide provides detailed instructions for configuring DNS over HTTPS (DoH) in Mozilla Firefox, including basic setup, advanced options, and troubleshooting tips.

Prerequisites

  • Mozilla Firefox browser (version 68 or later)
  • Basic understanding of DNS concepts
  • Access to Firefox settings

Basic Configuration

Step 1: Access Firefox Settings

  1. Open Firefox
  2. Click the menu button (☰) in the top-right corner
  3. Select “Settings”
  4. Scroll down to “Network Settings”
  5. Click the “Settings…” button

Step 2: Enable DNS over HTTPS

  1. In the Connection Settings dialog:
    • Scroll down to find “Enable DNS over HTTPS”
    • Check the box to enable it
  2. Choose your DNS over HTTPS provider:
    • Default: Cloudflare
    • Custom provider

Step 3: Configure Custom Provider

If you want to use a custom DoH provider:

  1. Select “Custom”
  2. Enter your preferred DoH provider URL, for example:
    https://dns.google/dns-query
    https://1.1.1.1/dns-query
    https://dns.quad9.net/dns-query

Advanced Configuration

Using about:config

For advanced users, Firefox offers additional DoH settings through about:config:

  1. Enter “about:config” in the address bar
  2. Accept the risk warning
  3. Search for “network.trr”
  4. Configure the following settings:
    • network.trr.mode:
      • 0: Off (default)
      • 1: Race native DNS with DoH
      • 2: DoH first, with fallback to native DNS
      • 3: DoH only
      • 5: Off by choice
    • network.trr.uri: Your DoH provider URL
    • network.trr.bootstrapAddress: Provider’s IP address
    • network.trr.confirmation_telemetry_enabled: Enable/disable telemetry
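
To review these settings outside the browser, the following added example (not part of the original guide or of Firefox) reads the user_pref lines found in a profile's prefs.js or user.js and reports what the network.trr.* values imply. The function names and the sample input are constructed for illustration.

```python
import ipaddress
import json
import re
from urllib.parse import urlsplit

# network.trr.mode meanings, as listed in the guide above.
TRR_MODES = {0: "off (default)", 1: "race native DNS with DoH", 3: "DoH only",
             2: "DoH first, with fallback to native DNS", 5: "off by choice"}
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_trr_prefs(text):
    """Collect network.trr.* values from user_pref("name", value); lines."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1).startswith("network.trr."):
            try:  # values are JSON-compatible: "string", integer, true/false
                prefs[m.group(1)] = json.loads(m.group(2))
            except json.JSONDecodeError:
                prefs[m.group(1)] = m.group(2)  # keep an unparsable value raw
    return prefs

def host_is_ip(uri):
    """True when the DoH URL uses an IP literal, so no bootstrap is needed."""
    try:
        ipaddress.ip_address(urlsplit(uri).hostname or "")
        return True
    except ValueError:
        return False

def audit_doh(prefs):
    """Return findings a reviewer would raise about these DoH settings."""
    mode = prefs.get("network.trr.mode", 0)
    uri = prefs.get("network.trr.uri", "")
    findings = [f"mode {mode}: {TRR_MODES.get(mode, 'not listed in the guide')}"]
    if mode in (0, 5):
        findings.append("DoH is off: lookups use the system resolver")
    elif mode in (1, 2):
        findings.append("native DNS is still used: lookups can leave unencrypted")
    if uri and urlsplit(uri).scheme != "https":
        findings.append(f"network.trr.uri is not an https URL: {uri}")
    if (mode == 3 and uri and not host_is_ip(uri)
            and not prefs.get("network.trr.bootstrapAddress")):
        findings.append("DoH only, but no network.trr.bootstrapAddress: the "
                        "provider's hostname cannot be looked up through DoH")
    return findings

SAMPLE = '''user_pref("network.trr.mode", 3);
user_pref("network.trr.uri", "https://dns.quad9.net/dns-query");
user_pref("browser.startup.homepage", "about:blank");'''  # constructed sample
```

Calling audit_doh(parse_trr_prefs(SAMPLE)) reports the mode and the missing bootstrap address; the same check passes cleanly when the provider URL uses an IP literal such as https://1.1.1.1/dns-query.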

Enterprise Configuration

For enterprise deployments, you can configure DoH through policies:

{
  "policies": {
    "DNSOverHTTPS": {
      "Enabled": true,
      "ProviderURL": "https://dns.example.com/dns-query",
      "Locked": true
    }
  }
}

Verification

Method 1: Using Firefox’s Built-in Tools

  1. Open a new tab
  2. Enter “about:networking#dns” in the address bar
  3. Check the “TRR” column:
    • “true” indicates DoH is being used
    • “false” indicates standard DNS

Method 2: Using Developer Tools

  1. Press F12 to open Developer Tools
  2. Go to the Network tab
  3. Filter by “DNS”
  4. Visit a website
  5. Look for “HTTPS” in the protocol column

Method 3: Using Online Tools

  1. Visit DNS Leak Test
  2. Run the standard test
  3. Verify that queries are going through your chosen DoH provider

Troubleshooting

Common Issues

  1. DoH Not Working

    • Check if your network blocks HTTPS on port 443
    • Verify the DoH provider URL is correct
    • Try a different DoH provider
    • Check the network.trr.mode setting
  2. Performance Issues

    • Try different network.trr.mode settings
    • Use a geographically closer DoH provider
    • Check your network connection quality
    • Monitor DNS resolution times
  3. Compatibility Issues

    • Update Firefox to the latest version
    • Check for conflicting add-ons
    • Reset Firefox DNS settings
    • Clear Firefox cache

Advanced Troubleshooting

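  1. Check DNS Resolution

    # Query the resolver directly with dig. This uses plain DNS on port 53,
    # not DoH, so it only confirms that the resolver answers for the name.
    dig @1.1.1.1 example.com

  2. Monitor DNS Traffic

    # Capture HTTPS traffic to the DoH provider with tcpdump. The queries are
    # encrypted, so only the connections to dns.google on port 443 are visible.
    sudo tcpdump -i any port 443 and host dns.google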

Best Practices

  1. Provider Selection

    • Choose providers with strong privacy policies
    • Consider providers with DNSSEC support
    • Test provider performance
    • Review provider’s logging practices
  2. Security Considerations

    • Enable DNSSEC validation
    • Use trusted DoH providers
    • Regularly update Firefox
    • Monitor DNS resolution patterns
  3. Performance Optimization

    • Use network.trr.mode = 2 (DoH first, with fallback to native DNS) for balance
    • Configure bootstrap address
    • Enable DNS prefetching
    • Monitor resolution times

Next Steps