Mozilla plans to enable support for the DNS-over-HTTPS (DoH) protocol by default inside the Firefox browser for a small number of US users starting later this month.
The browser maker has been testing DoH support in Firefox since 2017. A recent experiment found no issues, and Mozilla plans to enable DoH in the main Firefox release for a small percentage of users, and then enable it for a broader audience if no issues arise.
“If this goes well, we will let you know when we’re ready for 100% deployment,” said Selena Deckelmann, Senior Director of Firefox Engineering at Mozilla.
What is DoH?
DoH (IETF RFC 8484) allows Firefox to send DNS requests as normal-looking HTTPS traffic to special DoH-compatible DNS servers (called DoH resolvers). In effect, it hides DNS requests inside the normal deluge of HTTPS data.
By default, Firefox ships with support for relaying encrypted DoH requests via Cloudflare’s DoH resolver, but users can change it to any DoH resolver they want.
When DoH support is enabled in Firefox, the browser will ignore DNS settings set in the operating system, and use the browser-set DoH resolver.
By moving DNS server settings from the OS to the browser level, and by encrypting the DNS traffic, DoH effectively hides DNS traffic from internet service providers (ISPs), local parental control software, antivirus software, enterprise firewalls and traffic filters, and just about any other third party that tries to intercept and sniff a user’s traffic.