DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver.


DNS over HTTPS - Wikipedia

DNS Over HTTPS can be useful on Android if you want to use blocklists without the need for addons or extra software.

I previously wrote about Mozilla forcing Cloudflare DoH being a negative thing, mainly due to centralizing all requests to a single service.
Since then there has been an effort to create more options with more providers setting up services.

Picking a Server

Things to look for

The best list of public DoH services I could find is on the curl wiki.

Public DNS over HTTPS Servers - curl/curl Wiki - Github

There are many options with different features including malware blocking & cloud services that allow the use of custom blocklists.

Configuration

Important

DNS Over HTTPS only works on Firefox Nightly at the time of writing.

Warning

Nightly is an unstable testing and development platform

Firefox Nightly for Developers - Apps on Google Play

Note

The interface for setting DNS over HTTPS is not implemented in Firefox on Android, so set these options in about:config.

  1. Open about:config
  2. Type network.trr.mode
  3. Set Value to 3
  4. Type network.trr.custom_uri
  5. Set Value to the provider URI (e.g. https://custom-server-uri/dns-query)

Disable WebRTC

If you are using a VPN, you may want to disable WebRTC to prevent your real IP address from being exposed.

  1. Open about:config
  2. Type media.peerconnection.enabled
  3. Toggle to false

Vulnerability - WebRTC - Wikipedia

Disable Data Collection

Important

By default, Firefox Nightly automatically sends data to Mozilla.

As Nightly is considered a development platform and sends data, you may want to disable data collection.

  1. Open Settings
  2. Go to Data collection
  3. Disable these options:
     • Usage and technical data
     • Marketing data (mobile marketing vendor)
     • Studies

Check Settings Applied

Click the links below to check the settings have been successfully applied.

Check DNS currently in use - BrowserLeaks

Check for WebRTC leaks - BrowserLeaks