Mozilla has begun to roll out DNS over HTTPS (DoH) on its Firefox browser by default for all users in the United States, in a bid to enhance their privacy and security on the web. "The rollout will continue over the next few weeks to confirm no major issues are discovered as this new protocol is enabled for Firefox’s US-based users," said Mozilla this week.

The Domain Name System (DNS) is central to the internet’s fabric – when you type the name of a website into the address bar of your browser, a DNS server converts the name into a numeric address, or, to use a term you may be more familiar with, an IP address. However, these requests and replies are sent in clear text, exposing netizens to a host of privacy and security threats.

This is where DoH comes in, since it adds encryption to the process of DNS lookups. “This helps hide your browsing history from attackers on the network, helps prevent data collection by third parties on the network that ties your computer to websites you visit,” said Selena Deckelmann, Vice President for Firefox Desktop Product Development. Other browsers, such as Chrome and Brave, have also started to support DoH.

Not everyone has hopped on the DoH bandwagon, however. In a recent interview for WLS, Internet pioneer Dr. Paul Vixie disputed claims put forward by DoH advocates: “No actual privacy is added by DNS over HTTPS (DoH); that’s a lie that its proponents tell to cover up their real motives. DNS over TLS (DoT) offers the same privacy as DoH, because they both rely on Transport Layer Security (TLS).”

This is not the only concern, as DoH can have negative implications for security as well. With DoH in place, organizations’ security operations center teams may have a hard time identifying malware communication that can masquerade as regular HTTPS traffic on their networks. Fortunately, there are multiple ways to deal with the challenges, and we discussed them in a dedicated article earlier this month.
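To make the clear-text lookup and the monitoring concern concrete, here is an added example (not from Mozilla or the original article) that builds one DNS query and shows what a network monitor can read when it travels over UDP port 53 versus as an RFC 8484 DoH GET request. The resolver URL `https://doh.example/dns-query` and all function names are assumptions made for illustration.

```python
import base64
import struct
from urllib.parse import urlsplit


def build_query(name: str, qtype: int = 1) -> bytes:
    """Encode a DNS query in wire format (RFC 1035); ID 0 as RFC 8484 recommends."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD flag, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def observed_qname(payload: bytes) -> str:
    """Recover the queried name the way a passive monitor reads a UDP/53 payload."""
    labels, pos = [], 12  # the question section follows the 12-byte header
    while payload[pos] != 0:
        length = payload[pos]
        labels.append(payload[pos + 1 : pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


def doh_get_url(resolver_url: str, query: bytes) -> str:
    """Wrap the same message as an RFC 8484 GET: unpadded base64url in 'dns'."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={encoded}"


def network_view(name: str, resolver_url: str) -> dict:
    """Compare what is readable on the wire for the two transports."""
    query = build_query(name)
    url = doh_get_url(resolver_url, query)
    return {
        # Cleartext DNS: the full queried name is in the packet.
        "udp53_visible_name": observed_qname(query),
        # DoH: path and ?dns= travel inside TLS; only the resolver host
        # (destination / TLS SNI) remains visible to the monitor.
        "doh_visible_host": urlsplit(url).hostname,
        "doh_request_url": url,
    }


if __name__ == "__main__":
    # Constructed sample input; doh.example is a hypothetical resolver.
    for key, value in network_view("www.example.com", "https://doh.example/dns-query").items():
        print(f"{key}: {value}")
```

With DoH, per-domain visibility moves from the network to the resolver and the endpoint, which is why monitoring that relies on port 53 inspection stops seeing these lookups.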

The DoH option is enabled by default in the United States only. If you’re outside the US and want to activate it, you can do so by navigating to Firefox’s Options menu, scrolling down to Network Settings, clicking on Settings on the right and then scrolling down and ticking the ‘Enable DNS over HTTPS’ checkbox. You can choose between two providers, Cloudflare and NextDNS, that Mozilla considers trusted DNS resolvers.