Configure DNS-over-HTTPS in Firefox


Creating a Virtual Site for Off-Network Clients and DoH Urls

REPLACE {DOH PREFIX} with your DoH prefix.

Configuring DNS-over-HTTPS with Firefox Manually

  • Click the menu button Menu and select Preferences.
  • In the General panel, scroll down to Network Settings and click the Settings button.
  • In the dialog box that opens, scroll down to Enable DNS over HTTPS.
  • On: Select the Enable DNS over HTTPS checkbox. Select a provider or set up a custom provider. Off: Deselect the Enable DNS over HTTPS checkbox.
  • Click the Use Provider drop-down under Enable DNS over HTTPS to select a provider.
  • Change DNS Provider
  • Add your DOH URL* (https://{DOH PREFIX}
  • Click OK to save your changes and close the window.

Configuring DNS-over-HTTPS with Firefox Options

network.trr.custom_uri={DOH PREFIX}
network.trr.uri={DOH PREFIX}
network.trr.mode (
network.trr.disable-ECS = TRUE

network.trr.disable-ECS TRUE is a required setting. If you do not make this change, you queries will be blocked.

You should not change the mode manually, instead use the UI in the Network Settings section of about:preferences

• 0 - Off (default). use standard native resolving only (don't use TRR at all)
• 1 - Reserved (used to be Race mode)
• 2 - First. Use TRR first, and only if the name resolve fails use the native resolver as a fallback.
• 3 - Only. Only use TRR, never use the native resolver.
• Up to FF >= 73, this mode also requires the bootstrapAddress pref to be set.
• Starting with Firefox 74, setting the bootstrap address is no longer mandatory - the browser will simply bootstrap itself using regular DNS, unless the DoH server domain can't be resolved.
• The native resolver will still be used for portal detection and telemetry (Bug 1593873)
• 4 - Reserved (used to be Shadow mode)
• 5 - Off by choice. This is the same as 0 but marks it as done by choice and not done by default.