How to enable DNS-over-HTTPS (DoH) in Firefox




The DNS-over-HTTPS (DoH) protocol is currently under study, and Firefox is the only browser to support it.

However, the feature is not enabled by default for Firefox users, who will need to go through several steps and change several settings before they can run DoH.

But before turning to a step-by-step tutorial on how to enable DoH support in Firefox, let's first describe what it does.

How DNS-over-HTTPS works

The DNS-over-HTTPS protocol works by taking a domain name that a user has typed into their browser and sending a query to a DNS server to learn the numeric IP address of the web server that hosts that specific site.

This is how normal DNS works, too. However, DoH takes the DNS query and sends it to a DoH-compatible DNS server (resolver) over an encrypted HTTPS connection on port 443, rather than in plaintext on port 53.

In this way, DoH hides DNS queries inside normal HTTPS traffic, so that third-party observers cannot inspect the traffic and tell which DNS queries users are running or which websites they are about to access.

In addition, a secondary feature of DNS-over-HTTPS is that the protocol works at the application level. Applications can ship with internally hard-coded lists of DoH-compatible DNS resolvers to which they send DoH queries.

This mode of operation bypasses the default DNS settings at the operating system level, which are, in most cases, the ones set by the local ISP.

It also means that applications that support DoH can effectively bypass local ISP traffic filters and access content that may be blocked by a phone company or local government, which is why DoH is currently hailed as a boon for users' privacy and security.

This is one of the reasons why DoH gained such popularity less than two years after its launch, and one reason why a group of UK ISPs nominated Mozilla for the Naughty Internet Award 2019 for its plans to support the DoH protocol, which they said would thwart their efforts to filter bad traffic.

In response, and because of the complex situation in the UK, where the government blocks access to copyright-infringing content and where ISPs voluntarily block access to child abuse websites, Mozilla has decided not to enable this feature by default for UK users.

The step-by-step guide below will show Firefox users in the UK and around the world how to enable this feature now, without waiting for Mozilla to activate it later, if it ever does.

Step 1: Type about:config in the URL bar and press Enter to access the hidden Firefox configuration panel. Here, users will have to enable and modify three settings.

Step 2: The first setting is network.trr.mode. This turns on DoH support. This setting supports four values:

  • 0 – DoH is disabled
  • 1 – DoH is enabled, but Firefox chooses whether to use DoH or a normal DNS based on which query responses are faster.
  • 2 – DoH is enabled and normal DNS functions as a backup.
  • 3 – DoH is enabled and normal DNS is disabled

A value of 2 is better.

DoH in Firefox

Image: ZDNet

Step 3: The second setting to modify is network.trr.uri. This is the URL of the DoH-compatible DNS server to which Firefox will send DoH queries. By default, Firefox uses the Cloudflare DoH service at https://mozilla.cloudflare-dns.com/dns-query. However, users can enter the URL of their own DoH server. They can select one from the many available servers in this list here. Mozilla uses Cloudflare in Firefox because the two companies reached an agreement under which Cloudflare would collect very little data on DoH requests from Firefox users.

Step 4: The third setting is optional and you can skip it. But if things do not work, you can use it as a backup for step 3. This option is called network.trr.bootstrapAddress and is an input field in which users can enter the numerical IP address of the DoH-compatible DNS resolver they entered in step 3. For Cloudflare, it would be 1.1.1.1. For the Google service, it would be 8.8.8.8. If you have used the URL of another DoH resolver, you must look up the IP address of that server and enter it here, if needed.

Normally, the URL entered in step 3 should suffice.

The settings should apply immediately, but if they do not work, restart Firefox.
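
To confirm what steps 2 to 4 actually left in a profile, the following added example (not from the original article or from Mozilla) audits the network.trr.* lines of a profile's prefs.js, the file where Firefox stores about:config changes as user_pref(...) lines. The function names, the sample text and the treatment of a missing network.trr.mode as 0 are assumptions made for this sketch.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Meanings of network.trr.mode as listed in step 2 of the article.
MODES = {0: "DoH is disabled",
         1: "DoH enabled; Firefox uses whichever of DoH or normal DNS is faster",
         2: "DoH enabled; normal DNS is the backup",
         3: "DoH enabled; normal DNS is disabled"}
# Default resolver URL named in step 3; applies when prefs.js has no override.
DEFAULT_URI = "https://mozilla.cloudflare-dns.com/dns-query"
# One prefs.js line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for the network.trr.* prefs found in text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1).startswith("network.trr."):
            raw = m.group(2)
            if raw.startswith('"'):
                prefs[m.group(1)] = raw[1:-1]          # string pref
            else:                                      # integer or true/false
                prefs[m.group(1)] = int(raw) if raw.lstrip("-").isdigit() else raw
    return prefs

def audit_doh(text):
    """Return (mode description, findings) for the prefs in text."""
    prefs = parse_prefs(text)
    mode = prefs.get("network.trr.mode", 0)  # assumption: absent means off
    findings = []
    if mode in (1, 2):  # both modes may use normal DNS (steps 2's table)
        findings.append("lookups can still leave in plaintext on port 53")
    uri = urlsplit(str(prefs.get("network.trr.uri", DEFAULT_URI)))
    if mode != 0 and (uri.scheme != "https" or not uri.hostname):
        findings.append("network.trr.uri is not an https:// URL")
    boot = prefs.get("network.trr.bootstrapAddress")
    if boot:
        try:
            ipaddress.ip_address(str(boot))
        except ValueError:
            findings.append("bootstrapAddress is not a numeric IP address")
    return MODES.get(mode, "unknown mode"), findings

# Constructed sample: the lines a profile would hold after steps 2 to 4.
SAMPLE = '''user_pref("browser.startup.page", 3);
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
user_pref("network.trr.bootstrapAddress", "1.1.1.1");
'''
```

Calling audit_doh(SAMPLE) reports mode 2 together with the reminder that the normal-DNS backup still sends some lookups unencrypted; only mode 3 removes that path.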

Source of the article: Mozilla Wiki
