Firefox’s DNS-over-HTTPS and how to exclude domains


I’ve been using Firefox as my primary driver for the last few years and it’s the go-to browser if you care about privacy with their Enhanced Tracking Protection, Containers and DNS-over-HTTPS.

There is also a wealth of Add-ons which can be added to your browser for further increased privacy such as:

If you are using Firefox and care about privacy at all, then you should be using DNS-over-HTTPS! By default, when you type a website into the address bar, your browser will make a DNS request. This request will go through your computer, then your router and out to your ISP's DNS servers.

Even if you are not using your ISP's DNS servers, your ISP can still either intercept and rewrite these requests for blocking or log your queries as part of the Investigatory Powers Act 2016.

How to Enable DNS-over-HTTPS

In your Firefox Options, under the ‘General’ tab, right at the bottom you have your Network Settings. Open your Network Settings and you’ll see the option to ‘Enable DNS over HTTPS’ with the choice of Cloudflare or NextDNS.

Excluding domains from DoH

With DNS-over-HTTPS, ALL of your DNS requests will be forwarded to the DoH provider, including any local domain queries. This can cause problems if you’re using a VPN, have any hosts file hacks in place, are doing any conditional forwarding or are loading internal websites at work. Luckily, rather than using a different browser, you can exclude specific domains.

  1. Type about:config into the address bar and press Enter. Then accept the Proceed with Caution warning.
  2. Search for network.trr.excluded-domains.
  3. Click the edit pencil button on the far right.
  4. Add the domains you wish to exclude (comma separated) and save your changes by clicking the checkmark button.

Now with that done, you’ll still benefit from increased privacy and, hopefully, no longer have the inconvenience of switching browsers.
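As an added example (not from the original post), the JavaScript below builds a clean value for network.trr.excluded-domains from a pasted list of internal names and previews which hostnames it would keep on the system resolver. The sample names, the helper functions and the user.js line are assumptions for illustration, as is the matching rule: an entry is taken to cover the domain itself and its subdomains on label boundaries.

```javascript
// Constructed sample input (hypothetical internal names, as pasted by a user).
const SAMPLE_DOMAINS = ["Corp.Example.", " intranet.example ", "*.lab.example",
                        "corp.example", "bad domain", ""];

// Normalise one entry: trim, lower-case, drop a leading "*." and a trailing dot.
// Returns null when the result is not a plain letter/digit/hyphen hostname.
function normalise(entry) {
  const d = entry.trim().toLowerCase().replace(/^\*\./, "").replace(/\.$/, "");
  const label = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;
  const ok = d !== "" && d.length <= 253 && d.split(".").every((l) => label.test(l));
  return ok ? d : null;
}

// Build the comma-separated pref value; report entries that were rejected.
function buildPrefValue(entries) {
  const accepted = [], rejected = [];
  for (const e of entries) {
    const d = normalise(e);
    if (d === null) {
      if (e.trim() !== "") rejected.push(e);
    } else if (!accepted.includes(d)) {
      accepted.push(d);
    }
  }
  return { value: accepted.join(","), rejected };
}

// Assumption: an entry covers the domain itself and its subdomains, compared
// label by label, so "corp.example" does not match "notcorp.example".
function isExcluded(host, prefValue) {
  const excluded = new Set(prefValue.split(",").filter(Boolean));
  let h = host.toLowerCase().replace(/\.$/, "");
  for (;;) {
    if (excluded.has(h)) return true;
    const dot = h.indexOf(".");
    if (dot === -1) return false;
    h = h.slice(dot + 1);
  }
}

// Assumption: the pref is set through a profile user.js file instead of about:config.
function userJsLine(prefValue) {
  return `user_pref("network.trr.excluded-domains", ${JSON.stringify(prefValue)});`;
}

const { value, rejected } = buildPrefValue(SAMPLE_DOMAINS);
console.log(userJsLine(value), "| rejected:", rejected);
for (const h of ["wiki.corp.example", "notcorp.example", "example.org"])
  console.log(h, isExcluded(h, value) ? "-> system resolver" : "-> DoH");
```

Every name that previews as "system resolver" goes back to ordinary DNS, so keep the list to the internal domains that actually need it.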