Firefox, the privacy-focused browser, has begun testing DNS over HTTPS (DoH) in its nightly build, to protect the addresses users visit from being hijacked by a man in the middle.
When we visit a URL, the browser first sends a DNS query, and the resolver returns the IP address of the corresponding website's server. DNS does not use a cryptographically secured connection by default, so attackers can direct users to phishing sites through man-in-the-middle attacks.
In view of this, the Enlightenment Foundation and other vendors have launched DNS query functions based on encrypted, secure connections, which will prevent typical man-in-the-middle attacks.
The current nightly build of Firefox has started to use DoH by default. The prerequisite, of course, is that a DNS server supporting DoH is enabled.
The DoH server adopted is, naturally, the previously launched 1.1.1.1 public server, which is operated directly by Cloudflare.
The biggest advantages of adopting DoH are: preventing DNS providers from collecting user data, improving the anti-phishing capability of DNS servers, and protecting user privacy.
You can manually configure DoH:
1] Type about:config in the location bar
2] Search for network.trr (TRR stands for Trusted Recursive Resolver – it is the DoH Endpoint used by Firefox.)
3] Change network.trr.mode to 2 to enable DoH. This will try to use DoH but will fall back to insecure DNS under some circumstances, such as captive portals. (Use mode 5 to disable DoH under all circumstances.)
4] Set network.trr.uri to your DoH server. Cloudflare’s is https://mozilla.cloudflare-dns.com/dns-query but you can use any DoH-compliant endpoint.
The DNS tab on the about:networking page indicates which names were resolved using the Trusted Recursive Resolver (TRR) via DoH.
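To check the settings from the steps above without opening about:config, the script below parses a profile's prefs.js and reports whether DoH is enabled and whether the fallback to plaintext DNS is allowed. It is an added example, not part of the original article or Mozilla's code. The sample prefs are constructed and the finding labels are invented here. Treating an unset mode as 0 (off) and recognising mode 3 (DoH only, no fallback) are assumptions that go beyond what the article describes.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of a Firefox profile prefs.js (not taken from a real profile).
SAMPLE_PREFS = '''\
// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
'''

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Return {name: value} for user_pref() lines; values are int, bool or str."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and anything that is not a user_pref() call
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit_trr(prefs):
    """Return a list of finding labels for the TRR (DoH) settings."""
    mode = prefs.get("network.trr.mode", 0)  # assumption: unset means 0 (off)
    uri = prefs.get("network.trr.uri", "")
    if mode in (0, 5):
        findings = ["doh-disabled"]
    elif mode == 2:
        findings = ["doh-with-plaintext-fallback"]  # step 3: may fall back to insecure DNS
    elif mode == 3:
        findings = ["doh-only"]  # assumption: TRR-only mode, not covered by the article
    else:
        findings = ["unrecognised-mode"]
    if mode in (2, 3):
        parts = urlsplit(uri)
        if parts.scheme != "https" or not parts.hostname:
            findings.append("bad-resolver-uri")  # DoH endpoint must be an https URL
    return findings

if __name__ == "__main__":
    print(audit_trr(parse_prefs(SAMPLE_PREFS)))
```
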
Source: Mozilla