In June, Mozilla had announced that they were performing a limited Shield study for their Nightly users to monitor the performance of DNS-over-HTTPS (DoH) in Firefox. This study uses Cloudflare's DNS service to encrypt both the requests and responses to any DNS queries in order to increase a user's privacy.
Mozilla has been happy so far with the performance of DoH and have stated that even the slowest users have seen a huge performance improvement. Due to this, Mozilla is now expanding this Shield study to a small portion of the Release channel to get a wider audience testing their DNS-over-HTTPS feature.
"Our initial tests of DoH studied the time it takes to get a response from Cloudflare’s DoH resolver," stated Mozilla's announcement. "The results were very positive – the slowest users show a huge performance improvement. A recent test in our Beta channel confirmed that DoH is fast and isn’t causing problems for our users. However, those tests only measure the DNS operation itself, which isn’t the whole story."
As this expanded study will only roll out to a limited amount of users, not everyone who is currently using Firefox will have it enabled. For those who are picked to be part of the study, you will be shown an notification describing the study and asking if you wish to participate.
For those who were not selected for the study, but still wish to test Firefox's DoH implementation, you can enable it manually using the instructions below.
Currently DoH is still being tested by Firefox, but if you want to start using it immediately you can enable it in the about:config settings. To enable DoH, please follow these steps:
To test whether you are now using DoH to resolve DNS queries, you can go to Cloudflare's Browsing Experience Security Check page and click the "Check my browser" button. The web page will now perform a variety of tests to see if you are using Secure DNS, DNSSEC, TLS 1.3, or Encrypted SNI.
If DoH is enabled correctly it should report that Secure DNS and TLS 1.3 are enabled as shown below.
Firefox is now using DoH to resolve any DNS queries from the browser.