Skip to main content

Firefox rolls out encrypted DNS over HTTPS by default

(Image credit: Shutterstock)

In an effort to further protect the privacy of its users online, Firefox has begun rolling out encrypted DNS over HTTPS (DoH) by default for US-based users.

The rollout will continue over the course of the next few weeks as Mozilla works to confirm that no major issues are discovered as US Firefox users begin to use the new protocol.

A little over two years ago, the company began working to help update and secure one of the oldest parts of the internet, the Domain Name System (DNS). DNS links web addresses to IP addresses and when browsers need to perform a DNS lookup, unfortunately they have to do so without encryption.

In a blog post, former principal engineer at Mozilla, Patrick McManus explained why DNS lookups can jeopardize your privacy online, saying:

“DNS hails from the days of a kinder, more gentle Internet where it was normal to make this kind of query using unencrypted protocols and send them to any nearby server who claimed to be able to answer it. This approach is no longer a fit for the modern Internet.  Because there is no encryption, other devices along the way might collect (or even block or change) this data too.  DNS lookups are sent to servers that can spy on your website browsing history without either informing you or publishing a policy about what they do with that information.”


Given that now we know that unecrypted DNS is not only vulnerable to spying but is also being exploited by cybercriminals, Mozilla is working to help the internet make the shift to more secure alternatives.

The Firefox maker is now performing DNS lookups in an encrypted HTTPS connection to help hide your browsing history from attackers as well as to prevent data collection by third parties. Since Mozilla's work on DoH began, many other browsers have followed suit by announcing their own plans to support DoH.

At this time, DoH by default is being enabled by Firefox only in the US. However, if you're outside of the US and would like to enable DoH, you can do so by going to Firefox's network settings. By default, this change will send your encrypted DNS requests to Cloudflare but you also have the option to choose to use NextDNS instead.

Mozilla plans to enable DoH in other regions and the company is also working to add more DNS providers as trusted resolvers to its program.

  • Also check out our complete list of the best VPN services
Anthony Spadafora

After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal and TechRadar. He has been a tech enthusiast for as long as he can remember and has spent countless hours researching and tinkering with PCs, mobile phones and game consoles.