@maxyudin
Last active March 29, 2024 21:10
DNS-over-HTTPS (DoH) and Encrypted SNI (ESNI) in Firefox

Simple (no ESNI)

  • Go to Menu ⇒ Preferences (or visit about:preferences)
    • Scroll down to the Network Settings and press the Settings button
    • Check Enable DNS over HTTPS
    • Choose a provider or set a custom one from the publicly available servers list

Test your settings!

Advanced — Full protection (DoH + ESNI)

To edit the preference:

  • double click it or click Edit (or Toggle, it depends)

To save the preference:

  • press Enter key or click Save

To revert changes

Trusted Recursive Resolver

  • Visit about:config
    • Search for network.trr.uri preference
    • Search for network.trr.mode preference
      • Set it to one of the following:
        • 2 – Try TRR first, and use native resolver as a fallback (recommended)
        • 3 — Only use TRR (see v.73 and v.74 notes)
        • 0 — TRR off, default
        • 5 — TRR off by choice, the same as 0, but set explicitly

Encrypted Server Name Indication (Encrypted SNI, ESNI)

  • Search for network.security.esni.enabled preference
    • Set it to true

ESNI doesn't work anymore as of v. 85

Encrypted Client Hello: the future of ESNI in Firefox

Still available in Firefox ESR.

Enable Encrypted Client Hello (ECH)

Set

  • network.dns.echconfig.enabled ⇒ true
  • network.dns.use_https_rr_as_altsvc ⇒ true
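
To check a profile against the settings above, the following added example (not part of the original gist) parses `user_pref(...)` lines from a profile's `prefs.js` or `user.js` and reports where they differ from what this page sets. It assumes a preference absent from the file is unset; the sample input and its resolver URL are constructed placeholders.

```python
import json
import re

# Matches lines such as: user_pref("network.trr.mode", 2);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {pref name: value} from prefs.js / user.js content."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref
        try:
            prefs[m.group(1)] = json.loads(m.group(2))  # true/false, ints, "strings"
        except ValueError:
            prefs[m.group(1)] = m.group(2)  # keep the raw text if it is not JSON-like
    return prefs

def audit(prefs):
    """Return findings for the DoH/ECH preferences this page sets."""
    findings = []
    mode = prefs.get("network.trr.mode", 0)  # 0 is the default listed on this page
    if mode == 2:
        findings.append("network.trr.mode=2: lookups can fall back to the native resolver")
    elif mode != 3:
        findings.append(f"network.trr.mode={mode}: TRR is not in use")
    uri = prefs.get("network.trr.uri")
    if uri is not None and not str(uri).startswith("https://"):
        findings.append("network.trr.uri: not an https:// URL")
    for name in ("network.dns.echconfig.enabled", "network.dns.use_https_rr_as_altsvc"):
        if prefs.get(name) is not True:
            findings.append(f"{name}: not set to true in this file")
    if prefs.get("network.security.esni.enabled") is True:
        findings.append("network.security.esni.enabled: set, but ESNI does not work as of v. 85")
    return findings

# Constructed sample input; doh.example is a placeholder resolver.
SAMPLE = '''
// constructed example prefs
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://doh.example/dns-query");
user_pref("network.dns.echconfig.enabled", true);
user_pref("network.security.esni.enabled", true);
'''

if __name__ == "__main__":
    for finding in audit(parse_prefs(SAMPLE)):
        print(finding)
```
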

Test your settings

  • Cloudflare test
  • One more way to test


Sources:
