Technology

Firefox - Disable DoH

Since Firefox decided to roll out DNS-over-HTTPS (DoH) in the USA, and this is probably going to be the case for other countries, here’s a quick service post about how you can configure Firefox to deliberately do NOT use DoH

In about:config set network.trr.mode = 5 as documented here.

Background

Currently the supported modi of network.trr.mode are the following

0 - Off
1 - Reserved (used to be Race mode)
2 - First. Use TRR first, and only if the name resolve fails use the native resolver as a fallback.
3 - Only. Only use TRR, never use the native resolver. 
4 - Reserved (used to be Shadow mode)
5 - Off by choice. This is the same as 0 but marks it as done by choice and not done by default.

The hope is that Firefox only changes the default behavior of DoH. By explicitly setting Off-by-choice I hope to overrides this setting, so that changing the default has no effect on your browser.

DoH has in my opinion zero practical benefits for 99% of all users. It does not prevent your ISP from sniffing, and it does not add an additional layer of security, with DNSSEC being in place.
And it makes my Pi-Hole sad.

Firefox
Licensed under CC BY-NC-SA 4.0
Last updated on Feb 29, 2020 14:57 UTC