3aIT Blog

Firefox now allows you to look up web addresses securely rather than sending these requests to your default DNS supplier. This is called DNS over HTTPS, or DoH. This is good for security, but it can cause problems if you have local DNS on your machine or company network, because DoH bypasses it. This HowTo explains how you can create exclusions for these addresses so they continue to work as they should.

Firefox Network Settings Panel

Step 1: Depending on where you are in the world, Firefox will now default to DNS over HTTPS. To see whether this applies to you (and to switch it on and off as necessary), go to Options -> General and click "Settings" next to Network Settings (at the bottom). At the bottom of this panel, there's an "Enable DNS over HTTPS" option, along with a dropdown indicating where this request is being sent.

Enter about:config into address bar

Step 2: To exclude one or more domains from this feature so Firefox continues querying your local DNS (e.g. the hosts file on your machine, or a company network that has settings for local intranets and similar), first type about:config in the address bar. This will usually bring up a warning prompting you to accept the risk and continue. Agree to this.

Enter "Exclude" into the search box

Step 3: In the search bar at the top, type the word "exclude".

Enter the domains you wish to exclude

Step 4: Find the setting called "network.trr.excluded-domains". Hit the edit button on the right. You can now add any domains here that you want to exclude from the DNS over HTTPS lookups. Don't include http:// before them. If you have more than one, separate each with a comma. Hit the tick when you're done. These domains should now resolve locally rather than via your DoH server.
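
A helper for building the value entered in Step 4, added here as an example (it is not 3aIT's or Mozilla's code): it strips the scheme, port and path from pasted addresses, drops duplicates and unusable entries, and returns the comma-separated string plus an equivalent user.js line. The .example hostnames are constructed, and setting the preference through a user.js file in the Firefox profile folder instead of about:config is an assumption.

```python
import re
from urllib.parse import urlsplit

PREF = "network.trr.excluded-domains"  # pref name from Step 4
HOST_RE = re.compile(r"[a-z0-9_-]+(\.[a-z0-9_-]+)*")


def normalize(entry):
    """Reduce a pasted URL or hostname to the bare domain, or None if unusable."""
    entry = entry.strip()
    if not entry:
        return None
    if "://" not in entry:
        entry = "//" + entry  # urlsplit only parses a host after "//"
    try:
        host = urlsplit(entry).hostname
    except ValueError:  # e.g. an unbalanced "[" in the input
        return None
    if not host:
        return None
    host = host.rstrip(".").lower()
    return host if HOST_RE.fullmatch(host) else None


def build_pref_value(existing, additions):
    """Merge the current pref string with new entries: order kept, no duplicates."""
    domains = []
    for raw in existing.split(",") + list(additions):
        host = normalize(raw)
        if host and host not in domains:
            domains.append(host)
    return ",".join(domains)


def user_js_line(value):
    """Same setting as a user.js line (assumption: set via user.js, not about:config)."""
    return f'user_pref("{PREF}", "{value}");'


if __name__ == "__main__":
    # Constructed sample input: current pref value plus addresses as a user might paste them.
    current = "intranet.example"
    pasted = ["http://Wiki.Corp.Example:8080/home", "intranet.example", " git.corp.example. "]
    value = build_pref_value(current, pasted)
    print(value)
    print(user_js_line(value))
```

Paste the first printed line into the edit box from Step 4; entries that are not valid hostnames are silently dropped, so compare the output against your input list.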