Mozilla announced today that NextDNS would be joining Cloudflare as the second DNS-over-HTTPS (DoH) provider inside Firefox.
The browser maker says NextDNS passed the conditions imposed by its Trusted Recursive Resolver (TRR) program, and can now be added as a second option for DoH inside Firefox.
These conditions include (1) limiting the data NextDNS collects from the DoH server used by Firefox users; (2) being transparent about the data they collect; and (3) promising not to censor, filter, or block DNS traffic unless specifically requested by law enforcement.
This means that starting sometime next year, NextDNS will appear as a second option in the Firefox -> Options -> General -> Network Settings -> Settings -> Enable DNS over HTTPS section.
DNS-over-HTTPS, or DoH, is a new feature that was added to Firefox last year. When enabled, it encrypts DNS traffic coming in and out of the browser.
DNS traffic is not only encrypted but also moved from port 53 (for DNS traffic) to port 443 (for HTTPS traffic), effectively hiding DNS queries and replies inside the browser’s normal stream of HTTPS content.
This encrypted DNS traffic reaches a so-called DoH resolver. Here, the DoH traffic is decrypted and the DoH resolver makes the DNS query on the user’s behalf, receives the result, encrypts it, and sends it back to the user’s browser — also disguised inside encrypted HTTPS content.
The DoH protocol, co-developed by Cloudflare and Mozilla, allows users to retain their privacy when making DNS queries; queries that can reveal a lot of personal information.
Because in recent years HTTPS (encrypted HTTP) became more popular, it made it impossible for internet service providers (ISPs) to monitor plaintext HTTP connections. As an alternative, ISPs have been watching and collecting DNS traffic as a way to track users and their online habits.
With DoH support in Firefox, Mozilla is giving users the opportunity to hide DNS traffic from snooping third-parties.
Initial DoH support was added in Firefox 62, released in September 2018. At first, users could only use DoH by funneling all Firefox DNS traffic to Cloudflare servers.
An option to use custom DoH resolvers was added in 2018, but Cloudflare remained the default DoH resolver every time users enabled DoH.
Because configuring Firefox to use a custom DoH resolver instead of Cloudflare is extremely complex and out of the reach of most Firefox users, Mozilla has been criticized over the past few months for favoring Cloudflare in the detriment of other DoH providers.
By adding NextDNS to Firefox, Mozilla is answering to some of the criticism and pressure critics have exerted on the browser maker over the past few months.