Friday, October 18, 2019

Firefox's DNS settings

Managing Firefox's DNS settings rather than them controlling you.

Firefox does a few things intended to make your browsing experience better, but they are not without their own issues.  This article is about what Firefox does with DNS, the problems some of it causes, and how to manage it. Some basic understanding of DNS is required.

For starters, Firefox adds its own DNS layer, and the mere fact that it exists makes problems harder to troubleshoot:
  • It has its own DNS cache that, by default, remembers a given lookup for 60 seconds. Clearing your host's DNS cache does not clear this one, and I've seen it remember failures, which is the straw that pushed me to learn all of this.
  • It resolves the hostnames of the links on a page as the page loads (DNS prefetching). So if a page has many links, like I have in my bookmark pages or my client site admin pages, it actually slows things down, in addition to effectively advertising what page you were on to whoever might be watching DNS traffic.  Never mind all the additional traffic/packets to sift through when troubleshooting.

Recently, Mozilla has added a feature that tunnels DNS queries over HTTPS to a resolver of Mozilla's choosing, aka DoH (DNS over HTTPS).  While this is good for protecting the otherwise easy-to-read DNS traffic from prying eyes on the path, it means that the DoH provider gets to see all of your browsing DNS traffic instead.  Cloudflare is the current provider of this service for Firefox (the endpoint is mozilla.cloudflare-dns.com), and it is a changeable setting.  This makes it a question of which you trust more: your local DNS path, or Mozilla/Cloudflare?  Mozilla's stated intention is to make DoH the default in the future; at the time of writing they describe it as 'just testing', and given the push-back their messaging has become less certain.  Two caveats worth knowing: DoH only changes who answers your queries and how they travel, so the destination IPs and TLS server names of the connections you then make stay visible to the network either way; and Firefox's automatic DoH rollout checks a canary domain, use-application-dns.net, and stays off when the local resolver answers NXDOMAIN for it (a trr.mode you set yourself is not affected by that check). See the ZDNet article on the downsides of DoH and a way of blocking Firefox DoH.


To see and possibly edit the settings for these, we need to get under the hood, where we can do damage if we fumble-finger anything.  So the first thing you want to do is back up your Firefox profile.  You can (and should periodically) back up the entire profile as per Mozilla Support.
  • I make a point of clearing my Firefox cache beforehand to keep the backup size manageable.
  • The file that gets touched in the following is prefs.js in the profile directory, so making multiple copies of it as you edit your settings is a good thing. Firefox rewrites prefs.js itself on exit, so only edit the file directly while Firefox is closed; a user.js file in the same directory is read at startup and overrides prefs.js for the prefs it names.

Steps to see/edit Firefox's DNS configuration:
  • Type "about:config" in Firefox's address bar and press the Enter key.
  • Accept the warning about the risk, and be very careful here.
  • On older Firefox (or newer, after clicking "Show All"): scroll down to the network.dns... entries, about 3/4 of the way down. They come after the network.IDN... entries, because the list is ASCII-sorted rather than alphabetically sorted and a capital 'I' sorts ahead of a lowercase 'd'.
  • On Firefox 71 and later you get a search box instead: enter 'dns' to find the first set of settings below, then replace it with 'trr' for the rest.

The settings of note are:
network.dns.disablePrefetch
   I set this to true, as it doesn't make much sense for my use to have FF go and look up all the things on the pages when I only go to one of them at a time.

network.dnsCacheExpiration
network.dnsCacheEntries
network.dnsCacheExpirationGracePeriod
   Setting either the expiration or the number of entries to 0 (zero) stops Firefox from caching DNS entries, leaving that to your OS and upstream DNS server(s). Setting all three to 0 makes sure Firefox's cache is not being used at all.

network.trr.mode 0
network.trr.uri https://mozilla.cloudflare-dns.com/dns-query
   These control DNS over HTTPS (TRR, "trusted recursive resolver", is Mozilla's name for the feature). Mode 0 (the default) and mode 5 (off by explicit user choice) disable it; mode 2 uses DoH with fallback to the system resolver, and mode 3 uses DoH only. The URI is the resolver endpoint the queries are sent to. The easier and safer way to turn DoH on or off is the "Enable DNS over HTTPS" option in the Network Settings dialog under Firefox's preferences, which sets these same prefs.
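
Since these prefs end up in prefs.js, and a user.js in the profile directory re-applies its values at every start, the whole procedure above can be checked and pinned from a script. The following is an added example (not code from the post or from Mozilla): it parses a prefs.js, reports which of the settings above are not at the values the post recommends, and renders a user.js that pins them. It assumes the usual one-user_pref()-per-line format with boolean, integer or double-quoted string values; the sample prefs.js content is constructed. One deliberate choice: it sets network.trr.mode to 5 ("off by choice") rather than the post's 0, because both disable DoH but 5 records the opt-out explicitly.

```python
"""Audit the DNS prefs in a Firefox prefs.js and render a user.js that pins them.
Added example for this post, not Firefox or Mozilla code.  Assumes the standard
prefs format: one user_pref("name", value); per line, value a JS bool, int or
double-quoted string.  SAMPLE_PREFS_JS is constructed, not a real profile.
"""
import json
import re
import shutil
import sys
import time

# Target values from the post.  trr.mode 5 ("off by choice") instead of the
# post's 0: both disable DoH, but 5 records an explicit opt-out.
WANTED = {
    "network.dns.disablePrefetch": True,
    "network.dnsCacheExpiration": 0,
    "network.dnsCacheEntries": 0,
    "network.dnsCacheExpirationGracePeriod": 0,
    "network.trr.mode": 5,
}

# Constructed sample of what a profile's prefs.js might contain (weak settings).
SAMPLE_PREFS_JS = """// Mozilla User Preferences
// Constructed sample for this example, not a real profile
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.dns.disablePrefetch", false);
user_pref("network.dnsCacheExpiration", 60);
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
"""

PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*?)\);\s*$')


def parse_value(raw: str):
    """JS literal -> Python value, for the forms prefs.js actually emits."""
    if raw == "true":
        return True
    if raw == "false":
        return False
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return json.loads(raw)          # prefs.js escapes strings JSON-style
    raise ValueError("unrecognised pref value: %r" % raw)


def parse_prefs(text: str) -> dict:
    """{name: value} for every user_pref() line; comments and blank lines skipped."""
    prefs = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("//") or stripped.startswith("/*"):
            continue
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2).strip())
    return prefs


def audit(prefs: dict, wanted: dict = WANTED) -> list:
    """(name, current, wanted) for every pref not at its target.  A pref absent
    from prefs.js is at Firefox's built-in default and is reported as None."""
    return [(name, prefs.get(name), value)
            for name, value in wanted.items() if prefs.get(name) != value]


def to_js(value) -> str:
    """Python value -> JS literal in prefs.js style (bool checked before int)."""
    if isinstance(value, bool):
        return "true" if value else "false"
    if isinstance(value, int):
        return str(value)
    return json.dumps(value)


def render_user_js(wanted: dict = WANTED) -> str:
    """user.js text; Firefox copies it over prefs.js at every start."""
    lines = ["// DNS settings pinned by user.js; delete a line to let about:config win again"]
    lines += ['user_pref("%s", %s);' % (name, to_js(value)) for name, value in wanted.items()]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Usage: python firefox_dns_prefs.py /path/to/profile/prefs.js > user.js
    # (run with Firefox closed; the backup copy is made before anything is read)
    path = sys.argv[1]
    shutil.copy2(path, "%s.bak-%d" % (path, int(time.time())))
    with open(path, encoding="utf-8") as fh:
        current = parse_prefs(fh.read())
    for name, cur, want in audit(current):
        sys.stderr.write("%s: %r -> %r\n" % (name, cur, want))
    sys.stdout.write(render_user_js())
```

Run it against the constructed sample and the audit reports all five prefs, three of them as None because the sample never set them (they are at Firefox's defaults, such as the 60-second cache expiry). Parsing the rendered user.js back through the same parser gives exactly the WANTED dictionary, which is the check that the file Firefox will load says what you intended. Remember that while user.js exists, edits to those same prefs in about:config are overwritten at the next start.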


Any changes appear to take effect immediately, so just close your about:config tab and proceed as normal. Some browsing may be faster and some may be slower, but either way you are that much more in control of your surfing.

Update 2019-12-15: After first writing this, Firefox made some nice changes in version 71 to how the about:config page works, and these are now included above.   Further reading on the (anti-)competitive and network-neutrality aspects of DoH shows how, for most of us, DoH is more pain than gain without much of the touted benefit.
