Firefox DNS over HTTPS (DoH) is a feature that enhances privacy for everyone. When you type a web address into your address bar, Firefox for Android sends a secure DNS request to look up the IP address for that website over the Internet. DNS over HTTPS protection can be configured in four different ways.

Configure DoH protection settings

Default Protection lets Firefox for Android select a DoH server automatically in specific regions when available. If you would like to modify the settings or select a different level of protection, please follow these steps:

1. Tap the menu button
   
2. Tap Settings.
3. Scroll down to the Privacy & Security section.
4. Tap DNS over HTTPS and choose the level of protection you want.

Protection levels explained

Default Protection

The Default Protection automatically enables secure DNS when available and falls back to the default resolvers if there are issues. Default protection allows you to use local providers when possible. It disables DoH when parental control or enterprise policies are active or when a network tells Firefox not to use secure DNS.

Increased Protection

When Increased Protection is on, DoH is constantly active with the provider you select. We will only switch to a backup option if there are any issues with your chosen provider.

Max Protection

Max Protection will always use secure DNS and an error will show if we can’t connect to the secure DNS resolver, or if the secure DNS resolver indicates there are no addresses for the domain you are trying to access.

Off

When secure DNS is off, you’ll use your default DNS resolver.

Add sites to the Exceptions list

1. Tap the + Add Site button at the top of the screen.
2. Enter the website address and select Save.

Frequently asked questions

What is a local provider?

A local provider, typically hosted within a user's local network or by their ISP, secures DNS queries for safer internet access. To detect a local provider, specific heuristics are used, which examine network configuration and DNS response patterns. Note that local providers are only employed in the Default Protection mode of DNS settings. They are used only when all heuristics criteria are met, ensuring that the DNS resolver is local and suitable for secure, efficient query resolutions.

Why would a network tell Firefox not to use secure DNS?

Some organizations restrict access to certain websites. If an organization has their own secure DNS, they will ask Firefox not to bypass it.

For additional information on DNS over HTTPS, you can refer to some of the commonly asked questions (FAQs).