
How to - Configure Firefox to use only DoH and not fall back to the OS native resolver

In this post, I will talk about configuring the Firefox browser to use only DoH and not fall back to the OS native resolver.

Step 1 :-

Configure DoH as described here: https://support.mozilla.org/en-US/kb/firefox-dns-over-https

I am using https://doh.nkn.in/dns-query (which is the DoH server of https://www.nkn.in and is in the alpha testing stage) as my DoH server in the Firefox browser.


Step 2 :-

Check your configuration by typing about:networking#dns in the browser address bar. Most probably, you will see something like this --


Here, the DoH Mode option controls how Firefox handles your DNS queries. This document (https://wiki.mozilla.org/Trusted_Recursive_Resolver) describes the options available under 'DoH Mode'.










So, if you want to use only DoH and not fall back to the native OS resolver, you can change the value of this parameter to '3'.


Step 3 :-

To change the value of the 'DoH Mode' parameter, type about:config in the browser's address bar, search for network.trr.mode, click on the edit icon and change the value to '3'.






Now all the DNS queries from the Firefox browser will go to the DoH server instead of the native OS DNS. Make sure that the DoH server is available and accessible to you; otherwise, you will not be able to access any site, as we have disabled the fallback to the native OS resolver by changing the DoH Mode value from 2 to 3.
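To confirm the result of Step 3 outside the browser, the following added example (not part of the original post) reads the `user_pref()` lines that about:config changes leave in a profile's prefs.js and reports whether fallback is disabled. The function names and the sample prefs text are assumptions constructed for illustration; the mode meanings follow the Mozilla wiki page linked above.

```python
import re

# network.trr.mode values as listed on the Mozilla TRR wiki page linked above.
TRR_MODES = {
    0: "off (default)",
    1: "reserved",
    2: "DoH first, falls back to the OS resolver",
    3: "DoH only, no fallback",
    4: "reserved",
    5: "off by choice",
}

# prefs.js / user.js store one pref per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref() line in the given text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit_doh(text):
    """Report the DoH mode and resolver URL recorded in a profile's prefs."""
    prefs = parse_prefs(text)
    mode = prefs.get("network.trr.mode")  # None: never changed in this profile
    return {
        "mode": mode,
        "meaning": TRR_MODES.get(mode, "not set in this profile"),
        "uri": prefs.get("network.trr.uri"),
        "doh_only": mode == 3,
    }

# Constructed sample: the profile before and after Step 3.
BEFORE = 'user_pref("network.trr.mode", 2);\nuser_pref("network.trr.uri", "https://doh.nkn.in/dns-query");\n'
AFTER = BEFORE.replace('"network.trr.mode", 2', '"network.trr.mode", 3')

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_doh(text))
```

To audit a real profile, pass the contents of its prefs.js file to `audit_doh()`; a pref that is absent from the file has never been changed from its default in that profile.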
