Mozilla recently started deploying DNS over HTTPS (DoH) in Firefox so that DNS resolution is also secure. There is more to the feature, but in this article we will show how you can remove specific domains from Firefox DNS over HTTPS. Firefox offers extensive configuration for DoH, especially for organizations that depend on their own DNS.
Remove specific domains from Firefox DNS over HTTPS
Although not recommended, Firefox offers a way to add specific domains so that they can bypass DNS over HTTPS. However, you must add these domains using the Firefox configuration manually.
- Type about:config in the address bar and press Enter.
- Accept the warning page message.
- Search for network.trr.excluded-domains.
- Click the Edit button next to the preference.
- Add domains, separated by commas, to the list.
- Click the check mark to save the change.
If you find that the list already contains websites, we suggest that you do not remove anything from it.
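For a managed profile, the same change can be scripted so that existing entries are never dropped. The following is an added example, not code from Mozilla or from the original article: it reads the current value of network.trr.excluded-domains from a profile's prefs text, appends new domains, and produces a user.js line. The function names and the sample prefs text are constructed for illustration, and the subdomain check assumes Firefox treats subdomains of a listed domain as excluded too.

```python
import re

PREF = "network.trr.excluded-domains"
_PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"' + re.escape(PREF) + r'"\s*,\s*"([^"]*)"\s*\)\s*;', re.M)
_LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed sample of a profile's prefs.js content (not taken from a real profile).
SAMPLE_PREFS = '''user_pref("network.trr.mode", 2);
user_pref("network.trr.excluded-domains", "intranet.example, Legacy.Example.");
'''


def normalize(domain):
    """Lower-case and trim a domain; reject anything that is not a plain hostname.

    Rejecting quotes, spaces and similar characters also stops a bad entry from
    breaking out of the quoted pref string written to user.js.
    """
    d = domain.strip().strip(".").lower()
    if not d or not all(_LABEL_RE.match(label) for label in d.split(".")):
        raise ValueError(f"not a valid domain: {domain!r}")
    return d


def read_excluded(prefs_text):
    """Return the domains currently listed in the pref, in their original order."""
    m = _PREF_RE.search(prefs_text)
    if not m:
        return []
    return [normalize(d) for d in m.group(1).split(",") if d.strip()]


def merge_excluded(prefs_text, new_domains):
    """Append new domains while keeping every existing entry (nothing is removed)."""
    merged = read_excluded(prefs_text)
    for d in map(normalize, new_domains):
        if d not in merged:
            merged.append(d)
    return merged


def user_pref_line(domains):
    """Format the comma-separated list as a line for the profile's user.js."""
    return f'user_pref("{PREF}", "{",".join(domains)}");'


def is_excluded(host, domains):
    """True if the host itself or any parent domain is on the list (assumed matching rule)."""
    labels = normalize(host).split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))
```

Running is_excluded over the hostnames your organization actually depends on shows which internal names would still be sent to the DoH resolver before you roll the list out.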
When should you add domains to the exception list?
Although DoH improves privacy by keeping out the ISP and anyone else on public WiFi, some websites may not work for you when resolved through DoH. On top of that, exceptions can be crucial for networks that use custom DNS.
An organization with internal strategies for DNS
The default functionality offered by Firefox is excellent for a general consumer. However, it may not be ideal for organizations. Many rely on DNS to block malware, enable parental controls, or filter the browser's access to websites. DoH bypasses all of these controls and is therefore not useful in such environments. In addition, some websites do not resolve until you are connected to a corporate network.
Firefox offers a solution: a canary domain. Firefox will attempt to resolve this domain using the DNS server or servers configured in the device's operating system. If the lookup returns a negative result, Firefox treats that as a signal to disable application-level DNS, i.e. DoH.
If DoH results in slower DNS resolution
DoH lookups can be slower. If this happens often for you with a particular website, you can choose to add it to the list of exceptions.
Cloudflare as the DoH provider
In the United States, Firefox uses Cloudflare as the DNS resolver. Any DNS resolver can see the queries it receives, but Firefox and Cloudflare have agreed to prohibit Cloudflare or any other DoH partner from collecting personally identifiable information. If you are not comfortable with this, you have two options.
- Replace Cloudflare with any other trusted DNS
- Opt out entirely by unchecking it, or from the notification you receive if and when DoH is activated for the first time
Firefox also recommends that American users deactivate the Firefox study (about:studies) which collects data to improve the user experience. You can also deactivate Firefox data collection under the Privacy and Security panel.
We hope this post was useful and that you were able to remove specific domains from Firefox DNS over HTTPS.