How to Enable DNS-over-HTTPS in Firefox

Why Enable Encrypted DNS on Firefox?

By default, DNS queries are sent in plain text over UDP port 53. This means your ISP, network administrator, or anyone on your local network can see every domain you visit. Encrypted DNS solves this by wrapping your DNS queries in TLS or HTTPS encryption.

• DNS-over-HTTPS (DoH) sends DNS queries inside HTTPS on port 443 — the same port used for web traffic. This makes it very difficult to block or detect.
• DNS-over-TLS (DoT) sends DNS queries encrypted via TLS on port 853. It is a dedicated protocol that is easier for network admins to manage but may be blocked on some networks.

This guide shows you how to configure DoH on Firefox.

Step-by-Step Setup Instructions

Follow these steps to enable encrypted DNS on Firefox:

1. Open Firefox Settings
   Click the hamburger menu (three horizontal lines) in the top-right corner of Firefox and select Settings. Alternatively, type about:preferences in the address bar and press Enter.
2. Navigate to DNS over HTTPS
   Scroll down to the Privacy & Security section in the left sidebar. Scroll down to the DNS over HTTPS section near the bottom of the page.
3. Enable DNS over HTTPS
   Under DNS over HTTPS, select Max Protection for the strongest encryption (blocks all unencrypted DNS). Alternatively, select Increased Protection to allow fallback to unencrypted DNS if DoH fails.
4. Choose your DNS provider
   Select a provider from the dropdown: Cloudflare (default), NextDNS, or Custom. For Custom, enter the DoH URL directly, e.g., https://dns.google/dns-query for Google DNS or https://dns.quad9.net/dns-query for Quad9.
5. Save and verify
   Settings are applied immediately. To verify, visit about:networking#dns in Firefox to see resolved DNS entries. Check the TRR column — "true" means the query was resolved via DNS-over-HTTPS.

After configuring encrypted DNS, it is recommended to clear your DNS cache and test the configuration using a DNS leak test site.

Recommended Encrypted DNS Providers

These providers support encrypted DNS and are compatible with Firefox:

Verify Your Encrypted DNS Setup

After configuring encrypted DNS on Firefox, run our DNS Privacy Check to verify your queries are encrypted and your ISP cannot see your DNS traffic.

Encrypted DNS Guides for Other Platforms

Set up encrypted DNS on all your devices for comprehensive protection:

• Windows 11 (DoH)
• macOS (DoH & DoT)
• Android (DoT)
• iPhone & iPad (DoH & DoT)
• Chrome (DoH)
• Microsoft Edge (DoH)
• Linux (systemd-resolved) (DoT)
• Unbound (DoT)
• Router (DoH & DoT)

Related Resources

• DoH vs DoT: Which encrypted DNS protocol should you use?
• DNS Privacy & Security Check tool
• Best private DNS servers
• All DNS guides
• Browse DNS servers by country

Frequently Asked Questions

Does Firefox DNS-over-HTTPS protect all my traffic?

Firefox DoH only encrypts DNS queries made by Firefox itself. Other applications on your computer, including other browsers, still use your system DNS settings. For full system-wide encrypted DNS, configure it at the OS or router level.

What is the difference between Max Protection and Increased Protection?

Max Protection forces all DNS queries through DoH and will show an error page if DoH fails. Increased Protection tries DoH first but falls back to your system DNS if the DoH server is unreachable. Max Protection provides stronger privacy but may cause issues on networks that block DoH.

Will DNS-over-HTTPS in Firefox bypass parental controls?

It can. If your network uses DNS-based content filtering (like OpenDNS Family Shield), enabling DoH in Firefox will bypass those filters for Firefox traffic. Firefox includes a canary domain check to detect managed networks and may disable DoH automatically in enterprise environments.

How do I check if DoH is working in Firefox?

Type about:networking#dns in the Firefox address bar. Look at the TRR column — entries showing "true" were resolved via DNS-over-HTTPS. You can also visit our DNS Privacy Check tool to test from within Firefox.