Firefox has begun the rollout of encrypted DNS over HTTPS (DoH) by default for US-based users. The rollout will continue over the next few weeks to confirm no major issues are discovered as this new protocol is enabled for Firefox’s US-based users.
If you’re outside of the US and would like to enable DoH, you can do so by going to Settings, then General, then scrolling down to Network Settings and clicking the Settings button on the right. Here you can enable DNS over HTTPS by clicking the option, and its checkbox will appear checked. By default, this change will send your encrypted DNS requests to Cloudflare.
Users have the option to choose between two providers — Cloudflare and NextDNS — both of which are trusted resolvers. Go to Settings, then General, then scroll down to Network Settings and click the Settings button on the right. From there, go to Enable DNS over HTTPS, then use the pulldown menu to select the provider as your resolver.
A little over two years ago, Firefox began work to help update and secure one of the oldest parts of the internet, the Domain Name System (DNS). To put this change into context, a description of how the system worked before DoH is needed.
DNS is a database that links a human-friendly name, such as www.mozilla.org, to a computer-friendly series of numbers, called an IP address (e.g. 192.0.2.1). By performing a “lookup” in this database, your web browser is able to find websites on your behalf. Because of how DNS was originally designed decades ago, browsers doing DNS lookups for websites — even encrypted https:// sites — had to perform these lookups without encryption.
Because there is no encryption, other devices along the way might collect (or even block or change) this data. DNS lookups are sent to servers that can spy on your website browsing history without either informing you or publishing a policy about what they do with that information.
At the creation of the Internet, these kinds of threats to people’s privacy and security were known, but not being exploited yet. Today, many know that unencrypted DNS is not only vulnerable to spying, but is being exploited. As a result, Firefox will now be performing DNS lookups in an encrypted HTTPS connection. This helps hide your browsing history from attackers on the network, and helps prevent data collection by third parties on the network that ties your computer to websites you visit.
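
To make the difference concrete, the sketch below is an added example, not code from Firefox or Mozilla. It builds the DNS query for www.mozilla.org and shows what a device on the network path can read with classic DNS compared with the RFC 8484 DoH form. The resolver URL and the function names are assumptions made for this illustration.

```python
import base64
import struct
from urllib.parse import urlsplit

# Assumption: Cloudflare's DoH endpoint for Firefox; the article names only the provider.
RESOLVER = "https://mozilla.cloudflare-dns.com/dns-query"

def build_dns_query(name, qtype=1, txid=0):
    """Encode a one-question DNS query in RFC 1035 wire format (qtype 1 = A)."""
    # Header: ID, flags with RD=1, QDCOUNT=1, then three zero counts.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("invalid DNS label: %r" % label)
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_url(resolver_url, query):
    """RFC 8484 GET form: the same bytes, base64url-encoded without padding."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return resolver_url + "?dns=" + b64

def on_path_view(name, resolver_url=RESOLVER):
    """Model of what a device between the browser and the resolver can read."""
    query = build_dns_query(name)
    return {
        # Classic DNS: the UDP port 53 payload is the query itself, in the clear.
        "classic_dns_cleartext": query,
        # DoH: the URL below travels inside TLS; only the resolver's host
        # (TLS server name and IP address) is exposed, not the looked-up name.
        "doh_cleartext_host": urlsplit(resolver_url).hostname,
        "doh_encrypted_request": doh_get_url(resolver_url, query),
    }

if __name__ == "__main__":
    view = on_path_view("www.mozilla.org")
    print("classic DNS payload:", view["classic_dns_cleartext"])
    print("name readable on path:", b"mozilla" in view["classic_dns_cleartext"])
    print("DoH, visible host only:", view["doh_cleartext_host"])
    print("DoH, inside TLS:", view["doh_encrypted_request"])
```

The query bytes are identical in both cases; DoH changes only the transport, so the resolver itself still sees every name you look up.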
Since Firefox’s work on DoH began, many browsers have joined in announcing their plans to support DoH, and major websites like Facebook have moved to support a more secure DNS.
Firefox says it will continue to explore enabling DoH in other regions, and is working to add more providers as trusted resolvers to its program.