The following lines were added (+) and removed (-):
Firefox browser will ignore your network DNS by default in favor of DNS-over-HTTPS aka DoH. Firefox browser will ignore your network DNS by default in favor of '''DNS-over-HTTPS''' aka DoH or a type of Trusted Recursive Resolver (TRR). * In settings look for and uncheck "Enable DNS over HTTPS" to prevent a report of all web sites (via DNS query) being sent to a 3rd party. They can see a list of where you go on the web and store that for data collection purposes such as profiling you for marketing, analytics, or something far more nefarious. * In settings look for and uncheck "'''Enable DNS over HTTPS'''" to prevent a report of all web sites (via DNS query) being sent to a 3rd party. They can see a list of where you go on the web and store that for data collection purposes such as profiling you for marketing, analytics, or something far more nefarious. * From about:config a user can set network.trr.mode to 5 to completely disable TRR. To signal that their local DNS resolver implements special features that make the network unsuitable for DNS-over-HTTPS (DoH), network administrators may configure their networks to modify DNS requests for the following special-purpose domain, called a canary domain: use-application-dns.net.To signal that their local DNS resolver implements special features that make the network unsuitable for DNS-over-HTTPS (DoH), network administrators may configure their networks to modify DNS requests for the following special-purpose domain, called a canary domain: '''use-application-dns.net'''. Firefox is using '''https://cloudflare-dns.com/dns-query''' for the actual DNS resolution being performed. The Firefox Trusted Recursive Resolver (TRR) is named such in that "they" trust the DNS resolver, because they are in control. Network Administrators will mostly prefer to trust their own resolver, because my trusted resolver is certainly not what Mozilla trusts as a resolver. Quoted from a firewall vendor source, "''Mozilla has partnered with Cloudflare so that means TRR DNS queries are sent there and not to the intended server. Some people already use Cloudflare, or they don't care where the queries go, so that's a wash or a net gain. If you do not trust Cloudflare or do not want to put all your eggs in the Cloudflare basket, that's not so good.''"