What you need to know
- DNS over HTTPS is now on by default for users of Mozilla Firefox in the U.S.
- The feature provides an encrypted and more secure way to browse the web.
- People outside the U.S. can also
Mozilla Firefox will now have DNS over HTTPS (DoH) on by default for people in the U.S. As a result, browsing the web will now be more secure, with DNS lookups going through encryption. People outside of the U.S. can turn the feature on as well, though it isn't on by default. People can choose between Cloudflare and NextDNS as providers for DoH, with Cloudflare as the default.
Mozilla's blog post announcing the move to have DoH on by default does an excellent job explaining why DoH is needed. Here's a key excerpt from Mozilla's explanation:
DNS is a database that links a human-friendly name, such as www.mozilla.org, to a computer-friendly series of numbers, called an IP address (e.g. 192.0.2.1). By performing a "lookup" in this database, your web browser is able to find websites on your behalf. Because of how DNS was originally designed decades ago, browsers doing DNS lookups for websites — even encrypted https:// sites — had to perform these lookups without encryption.
Because DNS was not originally encrypted, others could collect or block data as people navigated the web. DoH performs DNS lookups within an encrypted HTTPS connection, adding an encryption layer to a process that previously lacked one.
Several browsers support DoH, though it's often a hidden feature. In many Chromium-based browsers, you need to turn the feature on yourself. For example, to turn DoH on in Google Chrome, you need to use chrome://flags.
Firefox now has DoH on by default for anyone inside the U.S., and people outside the U.S. can enable DoH through Firefox's settings. In the browser's settings, you can also choose between Cloudflare and NextDNS.