DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver.

DNS over HTTPS - Wikipedia

DNS Over HTTPS can be useful on Android if you want to use blocklists without the need for addons or extra software.

I previously wrote about Mozilla forcing Cloudflare DoH being a negative thing, mainly due to centralizing all requests to a single service.
Since then there has been an effort to create more options with more providers setting up services.

Picking a Server #

Things to look for

The best list of public DoH services I could find is on the curl wiki.

Public DNS over HTTPS Servers - curl/curl Wiki - Github

There are many options with different features including malware blocking & cloud services that allow the use of custom blocklists.

Configuration #


DNS Over HTTPS only works on Firefox Nightly at time of writing


Nightly is an unstable testing and development platform

Firefox Nightly for Developers - Apps on Google Play


The interface for setting DNS over HTTPS is not implemented in Firefox on Android
Set these options in about:config.

  1. Open about:config
  2. Type network.trr.mode
  3. Set Value to 3
  4. Type network.trr.custom_uri
  5. Set Value to provider uri (eg: https://cusom-server-uri/dns-query)

Disable WebRTC #

If you are using a VPN you may want to disable WebRTC to prevent your real IP being exposed.

  1. Open about:config
  2. Type media.peerconnection.enabled
  3. Toggle to false

Vulnerability - WebRTC - Wikipedia

Disable Data Collection #


By default, Firefox Nightly automatically sends data to Mozilla

As nightly is considered a development platform & sends data you may want to disable data collection.

  1. Open Settings
  2. Go To Data collection
  3. Disable Options
  • Usage and technical data
  • Marketing data (mobile marketing vendor)
  • Studies

Check Settings Applied #

Click the links below to check the settings have been successfully applied.

Check DNS currently in use - BrowserLeaks

Check for WebRTC leaks - BrowserLeaks