Forward-looking: Mozilla has been testing and experimenting with DNS-over-HTTPS for some time, working with CDNs such as Cloudflare and Akamai. Having gained confidence in the performance and security benefits of encrypted DNS traffic, Mozilla seems ready to enable the feature by default.
In Mozilla’s continued cadence of adding privacy protections, Mozilla will soon be adding DNS-over-HTTPS to Firefox’s already rich catalog of privacy features.
Mozilla has actually been supporting DoH since 2018 with its Nightly Firefox builds, and in recent versions of Firefox, users have had the ability to manually enable DoH in the browser’s settings. However, the goal has been to get DoH to a point where Mozilla can integrate it into Firefox by default.
In recent experiments, Mozilla noted it has learned how to detect and mitigate problems with broad DoH deployment, while respecting both users’ choice to opt out and enterprise configurations that might not work with the feature. That said, Mozilla will be rolling out DoH in what it calls “fallback mode” later this month.
This means that if domain name look-ups using DoH fail, Firefox will revert back to using the default operating system DNS. Similarly, if Firefox detects that parental controls or enterprise policies are in effect, Firefox will disable DoH.
Mozilla plans to gradually roll out DoH in the USA in late September. Assuming no hiccups, the company will issue an update before a full default DNS-over-HTTPS deployment.