TRR

DNS Over HTTPS

Ever since Mozilla made TLS 1.3 the default in Firefox, controversial as that was, it has made internet surfing healthier and more secure, with help from Cloudflare. What it has not yet made the default is DNS over HTTPS (DoH): it has been readily available in Firefox Nightly for over a year now, but to my mind, why not make it the standard for each and every browser?

Mozilla has an operational agreement with Cloudflare regarding the study that prevents Cloudflare from keeping records or selling/transferring the data to third parties.

DNS over HTTPS is a relatively new feature intended to improve the privacy, security and connection reliability of DNS look-ups; the feature is currently in draft status and is being tested by companies such as Google, Cloudflare and Mozilla.

DNS resolvers play an important part in today's Internet: the domain names you enter in your browser's address bar need to be linked to IP addresses, and that is what DNS is used for.

These DNS look-ups happen automatically and often without any form of encryption or protection from prying eyes or tampering.

Until now, Internet users had the options of connecting to a non-leaking VPN provider, switching to a DNS provider that promises better privacy and security, or using DNSCrypt to improve privacy and security.

While nothing has been decided yet, it appears as if Mozilla will run the study in the proposed form. A year has now gone by, and the last update from them was 8 months ago, so nothing has been published yet. If you ask me, join the improvement, enjoy DNS over HTTPS now, and help make it a standard.

Firefox Nightly users may want to monitor the preference network.trr.mode for changes. Users may set the preference to 0 to disable TRR and leave the study as a consequence.

There has been a slight change at Cloudflare, which now offers 1.1.1.1 for Families with malware and phishing protection: as of 01.04.2020 you have the option of using 1.1.1.2 - 1.0.0.2 as public recursive name servers (blocking malware and phishing), or 1.1.1.3 - 1.0.0.3 as public recursive name servers if you also want porn blocked. So minor changes have been made on this side as well.

DNS Over HTTPS - TRR

DNS Over HTTPS - TRR can be activated with a little fiddling in

about:config

Type ' TRR ' in the search bar. Find TRR.BootstrapAddress

network.trr.bootstrapAddress

and type in the Cloudflare DNS address ' 1.1.1.2 '.

1.1.1.2

  • (default: none) by setting this field to the IP address of the host name used in "network.trr.uri", you can bypass using the system native resolver for it.

Find Network.TRR.ConfirmationNS and type in the DNS address from Cloudflare ' cloudflare-dns.com '.

network.trr.confirmationNS

Find Network.TRR.Credentials and type in the DNS address from Cloudflare ' cloudflare-dns.com '.

network.trr.credentials

Find Network.TRR.Custom_uri and type in the public recursive name server address that blocks malware and phishing while you surf the internet: ' security.cloudflare-dns.com '.

security.cloudflare-dns.com

Find TRR.Early-AAAA and activate it by changing it to ' True '.

network.trr.early-AAAA

Firefox 72.0 adds options to use TRR when an NRPT, a proxy or a VPN is detected. According to the author, this ensures your connection is not compromised whenever one of these is in use: it has already been shown that a vulnerability in one of them can get you hacked or targeted by malware, but no more. If one of these is detected, you can rest assured that your DNS keeps its integrity; for example, even if your VPN has a vulnerability that is not yet fixed, your name resolution stays secure.

Find Enable TRR when NRPT Detected and activate it by changing the Boolean to True (Active).

network.trr.enable_when_nrpt_detected

The NRPT is a table of rules you can configure to specify DNS settings or special behaviour for names or namespaces. The NRPT can be configured with the Group Policy Management Editor under Computer Configuration\Policies\Windows Settings\Name Resolution Policy, or with Windows PowerShell. Group Policy is applied in 4 stages: 1. Local GPO, 2. Site-linked GPOs, 3. Domain-linked GPOs, 4. Organizational-unit-linked GPOs (GPO stands for Group Policy Object, Group Policy for short).

Find Enable TRR when Proxy Detected and activate it by changing the Boolean to True (Active).

network.trr.enable_when_proxy_detected

Find Enable TRR when VPN Detected and activate it by changing the Boolean to True (Active).

network.trr.enable_when_vpn_detected

Remember never to activate useGET, since it can reveal your credentials; make sure it is deactivated (' False '). This ensures your browser uses POST. When the browser issues a request to the DoH server to resolve host names, it can do so using POST or GET. By default Firefox uses POST, but by toggling this preference you can enforce GET instead.

Please make sure it stays ' False ' so Firefox keeps using POST rather than GET.

network.trr.useGET

Find TRR.Wait-... and make sure this Boolean is set to ' True ', which tells Firefox to wait for the captive portal detection to give the OK before TRR is used.

network.trr.wait-for-A-and-AAAA

Find DNS Over HTTPS under the name TRR.mode and set it to 3 (by default it is 0). See further below for what the values 0-5 do. You can also opt for value 2 if you find the web too difficult to surf with, but this can usually be resolved by opting to lower SSL encryption while staying on value 3.

network.trr.mode

  • A value of 3 uses TRR only; the native resolver is never used (after the initial setup).

  • A value of 4 is reserved (it used to be shadow mode).

  • A value of 5 is off by choice: the same as 0, but it marks the setting as done by choice and not by default.

Find Network.TRR.uri

network.trr.uri

and, to keep blocking malware and phishing, make sure the public recursive name server address ' security.cloudflare-dns.com ' is typed in.

security.cloudflare-dns.com

(default: none) set the URI for your DoH server. That's the URL Firefox will issue its HTTP request to. It must be a HTTPS URL. If "useGET" is enabled, Firefox will append "?dns=...." to the URI when it makes its HTTP requests. For the default POST requests, they will be issued to exactly the specified URI.
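To make the POST-versus-GET difference concrete, here is an added example (not code from the page or from Firefox) that builds the same RFC 8484 DoH request both ways: as a POST with the query in the body, and as a GET with the query base64url-encoded into "?dns=", which is what useGET does. The full URI https://security.cloudflare-dns.com/dns-query is an assumption, since the page gives only the host name.

```python
import base64
import struct

# Assumed full DoH endpoint for the host name the page uses (the page names only the host).
DOH_URI = "https://security.cloudflare-dns.com/dns-query"


def build_dns_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Build a minimal DNS query in wire format (RFC 1035): header, QNAME, QTYPE, QCLASS.
    RFC 8484 recommends ID 0 so that identical queries are cacheable."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1; QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE (1 = A), QCLASS (1 = IN)


def doh_post_request(uri: str, msg: bytes) -> dict:
    """POST: the query travels in the body, so the request URL shows only the endpoint."""
    return {"method": "POST", "url": uri,
            "headers": {"Content-Type": "application/dns-message",
                        "Accept": "application/dns-message"},
            "body": msg}


def doh_get_request(uri: str, msg: bytes) -> dict:
    """GET: the whole query is base64url-encoded (padding stripped) into the URL."""
    dns_param = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return {"method": "GET", "url": f"{uri}?dns={dns_param}",
            "headers": {"Accept": "application/dns-message"}, "body": b""}


def queried_name_from_url(url: str) -> str:
    """Recover the queried host name from a GET-style DoH URL.
    This is exactly what anything that logs full URLs could read; a POST URL carries no name."""
    param = url.split("?dns=", 1)[1]
    msg = base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))
    labels, pos = [], 12  # skip the 12-byte header
    while msg[pos]:
        length = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


if __name__ == "__main__":
    q = build_dns_query("example.com")
    print(doh_post_request(DOH_URI, q)["url"])
    print(doh_get_request(DOH_URI, q)["url"])
```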

For publicly announced servers, look further below under the topic: TRR DNS over HTTPS configuration parameters

  • Please remember never to have Network.TRR.useGET active (' True '), since it can reveal your credentials and give a bad actor the upper hand if they obtain them; it is neither private nor secure.

Finally, you also need to make your browser wait for the captive portal detection before TRR is used, so that name resolution really goes through DNS over HTTPS: find the preference named TRR.Wait-for... and make sure it is set to ' True '.

network.trr.wait-for-portal

Then you are all set to use DNS Over HTTPS.
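As a check once the steps above are done, here is an added script (not from the page or from Firefox) that parses a Firefox prefs.js/user.js style file and flags deviations from the settings this page recommends. The sample preference lines are constructed, and the full DoH URI is an assumption, since the page names only the host.

```python
import re

# Constructed sample of user_pref lines as Firefox writes them to prefs.js (not a real profile).
SAMPLE_PREFS = """
user_pref("network.trr.mode", 3);
user_pref("network.trr.uri", "https://security.cloudflare-dns.com/dns-query");
user_pref("network.trr.bootstrapAddress", "1.1.1.2");
user_pref("network.trr.useGET", true);
user_pref("network.trr.wait-for-portal", true);
user_pref("network.trr.enable_when_vpn_detected", true);
"""

PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);')


def parse_prefs(text: str) -> dict:
    """Parse user_pref(...) lines into Python values: bool, int or str."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"'):
            prefs[name] = raw.strip('"')
        else:
            prefs[name] = int(raw)
    return prefs


def audit_trr(prefs: dict) -> list:
    """Return one finding per preference that deviates from this page's recommended TRR setup."""
    findings = []
    mode = prefs.get("network.trr.mode", 0)
    if mode != 3:
        findings.append(f"network.trr.mode is {mode}, expected 3 (TRR only, no native fallback)")
    uri = prefs.get("network.trr.uri", "")
    if not uri.startswith("https://"):
        findings.append(f"network.trr.uri {uri!r} is not an HTTPS URL")
    if prefs.get("network.trr.useGET", False):
        findings.append("network.trr.useGET is true; queries go into the URL, so use POST instead")
    if not prefs.get("network.trr.wait-for-portal", False):
        findings.append("network.trr.wait-for-portal is false; TRR may start before captive portal detection")
    if not re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", prefs.get("network.trr.bootstrapAddress", "")):
        findings.append("network.trr.bootstrapAddress is not an IPv4 address; the DoH host would need the native resolver")
    return findings


if __name__ == "__main__":
    for finding in audit_trr(parse_prefs(SAMPLE_PREFS)):
        print("FINDING:", finding)
```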

As of Firefox v. 66.0.3, the preference network.trr.uri ships already set to the address of a DNS over HTTPS server. The available public server right now is:

TRR DNS over HTTPS configuration parameters

Mozilla added several configuration parameters to Firefox that configure TRR.

The preference network.trr.mode defines the status of TRR in Firefox.

  • A value of 0 means that it is disabled and not used.

  • A value of 1 that Firefox uses either native DNS or TRR depending on which is faster.

  • A value of 2 uses TRR by default but will fall back to the native resolver if the name resolve fails for whatever reason.

  • A value of 3 enables TRR only mode. Only TRR is used and there is no fallback.

  • A value of 4 runs it in shadow mode which means that TRR is run in parallel for gathering data but that the native resolver is used.

  • A value of 5 - Off by choice. This is the same as 0 but marks it as done by choice and not done by default.

The preference network.trr.uri needs to be set to the address of a DNS over HTTPS server. Two public servers are available right now:


You can verify your DNS Over HTTPS with Cloudflare ESNI Checker here:

https://www.cloudflare.com/ssl/encrypted-sni/

Just press Check My Browser; the Secure DNS entry should then have a check mark and be shown in green.

That means: You are using encrypted DNS transport with 1.1.1.1.