Firefox rolls out encrypted DNS over HTTPS by default

(Image credit: Shutterstock)

In an effort to further protect the privacy of its users online, Firefox has begun rolling out encrypted DNS over HTTPS (DoH) by default for US-based users.

The rollout will continue over the course of the next few weeks as Mozilla works to confirm that no major issues are discovered as US Firefox users begin to use the new protocol.

A little over two years ago, the company began working to help update and secure one of the oldest parts of the internet, the Domain Name System (DNS). DNS links web addresses to IP addresses and when browsers need to perform a DNS lookup, unfortunately they have to do so without encryption.

In a blog post, former principal engineer at Mozilla, Patrick McManus explained why DNS lookups can jeopardize your privacy online, saying:

“DNS hails from the days of a kinder, more gentle Internet where it was normal to make this kind of query using unencrypted protocols and send them to any nearby server who claimed to be able to answer it. This approach is no longer a fit for the modern Internet.  Because there is no encryption, other devices along the way might collect (or even block or change) this data too.  DNS lookups are sent to servers that can spy on your website browsing history without either informing you or publishing a policy about what they do with that information.”


Given that now we know that unecrypted DNS is not only vulnerable to spying but is also being exploited by cybercriminals, Mozilla is working to help the internet make the shift to more secure alternatives.

The Firefox maker is now performing DNS lookups in an encrypted HTTPS connection to help hide your browsing history from attackers as well as to prevent data collection by third parties. Since Mozilla's work on DoH began, many other browsers have followed suit by announcing their own plans to support DoH.

At this time, DoH by default is being enabled by Firefox only in the US. However, if you're outside of the US and would like to enable DoH, you can do so by going to Firefox's network settings. By default, this change will send your encrypted DNS requests to Cloudflare but you also have the option to choose to use NextDNS instead.

Mozilla plans to enable DoH in other regions and the company is also working to add more DNS providers as trusted resolvers to its program.

  • Also check out our complete list of the best VPN services
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.