At Mozilla phase of testing support for DNS over HTTPS (DNS over HTTPS, DoH) and intend to launch the feature in the US by the end of this month. After a full-fledged start, the possibility of launching the protocol will be considered for other countries.
This technology allows you to encrypt DNS traffic, although you can turn off the function in the browser and use regular DNS queries. Users of parental control systems and corporate networks are likely to do this, since they have a system of checks to automatically disable DoH.
This technology could be useful for protecting against data leaks through ISPs' DNS servers. It could also be used against MITM attacks, DNS spoofing, and bypassing blocking at the level of domain names And so on. After all, the current DNSSEC standard uses encryption only for client and server authentication, but does not protect against data interception or spoofing.
DoH is enabled in about:config using the network.trr.mode variable, which was introduced in Firefox 60. A value of 0 disables DoH completely. A value of 1 allows you to automatically choose between DNS or DoH, whichever is faster. 2 uses DoH by default and DNS as a fallback. If set to 3, only DNS over HTTPS is enabled. Finally, if you set parameter 4, then mirroring mode is activated, in which DoH and DNS operate in parallel. This uses the CloudFlare DNS server, although it can be changed.
Source: 3dnews.ru
