Security | FireFox | Configure DNS Over HTTPS in Firefox using Cloudflare

If you are using Firefox there are some settings in Firefox you can change and it will allow you to access the site (and other blocked ones...)

Configure DNS Over HTTPS in Firefox using Cloudflare

Update Firefox to the latest version

then, go to Firefox Options > General > Network Settings and check the box "Enable DNS over HTTPS". This will automatically throw two switches in about:config.

In Firefox "Address bar" type: about:config Press Enter and click on "I accept the risk!" which will allow you to configure Firefox properly.

you will be searching for and double clicking to change, "network.trr.mode" "network.trr.uri" "network.trr.bootstrapAddress" "esni.enabled"

network.trr.mode = 2

network.trr.uri =

Next, in about:config, set network.trr.bootstrapAddress to *note

Finally, set = true

Hard refresh your browser after the changes. CTRL + F5 to Hard Refresh.
That's it! You should be able to browse the sites you used to be able to.

?Optional - Don't worry about DNSSEC, Make sure you pass "Secure DNS" and "Encrypted SNI".
If you want to pass DNSSEC as well you will need to change your DNS settings, preferably in your router to use

Check your work by running all four tests at

network.trr.mode values:

    0: Off by default
    1: Firefox will choose based on which is faster
    2: TRR preferred, fall back to DNS on failure
    3: TRR only, no DNS fallback
    5: TRR completely disabled


Trusted Recursive Resolver
Firefox provides an optional resolver mechanism using a dedicated DNS-over-HTTPS server.
DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance.

Setting DNS-over-HTTPS in Firefox
Set `network.trr.mode` to 2 to make DNS Over HTTPS the browser's first choice but use regular DNS as a fallback (0 is "off by default", 1 lets Firefox pick whichever is faster, 3 for TRR only mode, 5 to explicitly turn it off).
Set `network.trr.uri`. Ones that you may use: (Privacy Policy),
TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.)

All prefs for TRR are under the "network.trr" hierarchy.



What is DNS?

Every website lives at a numerical IP address. Your Domain Name Server, or DNS, translates these numerical IP addresses into readable domain names we all know and remember. If your DNS settings are not working correctly, or you’re still using defaults, you may be at risk for cybercrime and performance issues. Quad9 is a free security solution that uses DNS to protect your system against the most common cyber threats. It improves your system’s performance, plus, it preserves and protects your privacy. It’s like an immunization for your computer.

Also check out
DNS is

DNS Privacy Project Homepage

DNS Privacy Clients

Cloudflare have release two tools to provide DOH clients, see
Frank Denis has a dnscrypt-proxy (client proxy) that supports DoH.
Curl also supports DoH
There is an Android App called 'Intra' which can be used to send all queries from the device over DOH to either Cloudflare or Google